Date:      Tue, 13 Oct 2015 13:02:45 +0200
From:      Johan Hendriks <joh.hendriks@gmail.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: Top takes long to start
Message-ID:  <561CE4D5.7010406@gmail.com>
In-Reply-To: <561B7659.1090907@freebsd.org>
References:  <561B6979.3090301@gmail.com> <561B7659.1090907@freebsd.org>



On 12/10/15 at 10:59, Matthew Seaman wrote:
> On 10/12/15 09:04, Johan Hendriks wrote:
>> We use a central LDAP server with about 10k of user accounts.
>> This is all running on Ubuntu servers. When we use top on a Linux
>> client, top starts instantly.
>> Now we are in the process of adding some FreeBSD servers to the mix.
>> One thing we noticed is the fact that as soon as we enable ldap top
>> takes about 3 to 5 seconds to start on the FreeBSD hosts.
> What are you using for ldap pam/nss connectivity?  Definitely recommend
> net/nss-pam-ldapd or net/nss-pam-ldapd-sasl (if your LDAP requires SASL
> auth).  This has a built in nslcd cache daemon, which should help avoid
> some of the delays involved in looking up userids over your lan.
>
> 	Cheers,
>
> 	Matthew
>
>
I am using nss-pam-ldapd-sasl-0.8.14_3.
This is my /usr/local/etc/nslcd.conf file:

# This is the configuration file for the LDAP nameservice
# switch library's nslcd daemon. It configures the mapping
# between NSS names (see /etc/nsswitch.conf) and LDAP
# information in the directory.
# See the manual page nslcd.conf(5) for more information.

# The user and group nslcd should run as.
uid nslcd
gid nslcd

uri ldap://ldap.mydomain.com ldap://ldap-replication.mydomain.com

base dc=mydomain,dc=com

binddn uid=nss_pam,ou=account,dc=mydomain,dc=com

bindpw thisissecret

ssl start_tls
#tls_reqcert never
tls_reqcert demand
tls_cacertfile /etc/ssl/ca-certificates.crt

pam_authz_search (&(objectClass=posixAccount)(uid=$username)(|(host=$hostname)(host=$fqdn)(host=\\*))(authorizedService=$service))



My /etc/nsswitch.conf looks like:

group: files ldap
group_compat: nis
hosts: files dns
networks: files
passwd: files ldap
passwd_compat: nis
shells: files
services: compat
services_compat: nis
protocols: files
rpc: files

Do I need to enable the caching?

Also, lookups are running fine.
id user gives an instant reply, btw.






