[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: long delays with LDAP nss/pam

Be careful with indexing and slapindex.

Slapindex is supposed to be run when the slapd daemon is down, or the db is in
read-only mode.

>From the 'slapindex' man page:

       Your  slapd(8)  should  not  be  running (at least, not in
       read-write mode) when you do this to ensure consistency of
       the database.

On 27/10/04 09:43 +0200, martin f krafft wrote:
> We run a big cluster, managed by FAI, using LDAP and NFS to provide
> users with homogenous environments across all nodes. All machines
> run sarge, and slapd is tunnelled via SSL for security purposes.
> Read-only access to the passwd/group directory is anonymous. All
> nodes are running nscd.
> While this worked beautifully last week, I returned this week to
> find everything taking ages. ls /home takes about 3 seconds before
> listing the directories (libnss apparently takes so long to map
> uid->login), even when there are only 10 directories at the moment
> (the cluster is still in beta). Furthermore, logging in takes
> between 2 and 10 seconds.
> If I tune in to the slapd debug output, I can see it working big
> time and accessing millions of keys. This was not the case last
> week, or slapd was about 100 times faster then. The only change
> I can remember was adding a new group and placing a bunch of people
> in there. This should not have the aforementioned effect really.
> Has anyone experienced the above before? What could be the reason?
> How can I fix this?
> Would this post have been better over at -user?
> -- 
> Please do not CC me when replying to lists; I read them!
>  .''`.     martin f. krafft <madduck@debian.org>
> : :'  :    proud Debian developer, admin, and user
> `. `'`
>   `-  Debian - when you have better things to do than fixing a system
> Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!

Ted Knab
Chester, Maryland  21619 USA

See you at LISA in Atlanta. :)

Reply to: