Date: Wed, 26 Jan 2005 23:52:20 +0000 From: Dick Davies <rasputnik@hellooperator.net> To: Albert Shih <shih@math.jussieu.fr> Cc: FreeBSD Questions <freebsd-questions@freebsd.org> Subject: Re: Authentication with ldap very slow Message-ID: <20050126235220.GI57113@eris.tenfour> In-Reply-To: <20050126233130.GA5551@math.jussieu.fr> References: <20050126220336.GA23003@math.jussieu.fr> <20050126232802.GH57113@eris.tenfour> <20050126233130.GA5551@math.jussieu.fr>
next in thread | previous in thread | raw e-mail | index | archive | help
* Albert Shih <shih@math.jussieu.fr> [0131 23:31]: > Le 26/01/2005 ? 23:28:02+0000, Dick Davies a ?crit > > * Albert Shih <shih@math.jussieu.fr> [0105 22:05]: > > > Hi > > > > > > I've a server (FreeBSD 5.3-p5) to use a openldap for authentication. > > > > > > Everthing work fine but....it's very slow when some operation need to known > > > the id <--> uid. For example if I try to execute some > > > > > > cd /home > > > ls -l * > > > > > > It's very very slow. > > Are you on a dialup or something? > > no on 100 Mbits/s switching network ;-) soon on 1Gbits/s ;-)) Wierd - I've got a wireless (11mbit) client using nss_ldap via startTLS and have no trouble at all (and the server is a 600Mhz mini-itx box). i just tried : make /tmp/mydir ls -lR that and tcpdump what i'm sending to the server (about a dozen lines of output) ls -lR /usr/local/misc (about 3Gb of mp3s owned by me) and tcpdump what i'm sending to the server (about a dozen lines of output) so it looks like only the one query is done by ls (i.e. it only looks up the name when it displays the output). How many directories are under /home? Unless we're talking hundreds, it shouldn't be more than a second or so delay, tops. It does'nt appear to caching (repeating the ls a couple of seconds later sends the same query), but then i don't think that accounts for your huge delays. It's definitely the uid lookup? Not NFS /home or something (Is ls * much faster than ls -l)? Anything in your logs? I know you can turn on debugging in PAM, don't know how to do it in nsswitch.... -- 'One cannot make an omelette without breaking eggs -- but it is amazing how many eggs one can break without making a decent omelette.' -- Charles P. Issawi Rasputin :: Jack of All Trades - Master of Nuns
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050126235220.GI57113>