From owner-freebsd-questions@FreeBSD.ORG Wed Jan 26 23:52:23 2005
Return-Path:
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
    by hub.freebsd.org (Postfix) with ESMTP id F0C3016A4CE
    for ; Wed, 26 Jan 2005 23:52:23 +0000 (GMT)
Received: from 9.hellooperator.net (cpc3-cdif2-3-0-cust202.cdif.cable.ntl.com [81.103.32.202])
    by mx1.FreeBSD.org (Postfix) with ESMTP id 8B95543D39
    for ; Wed, 26 Jan 2005 23:52:23 +0000 (GMT)
    (envelope-from rasputnik@hellooperator.net)
Received: from [10.4.0.5] (helo=eris.tenfour)
    by 9.hellooperator.net with esmtp (Exim 4.43) id 1CtwxQ-0005H7-OY;
    Wed, 26 Jan 2005 23:52:22 +0000
Received: from rasputnik by eris.tenfour with local (Exim 4.43 (FreeBSD))
    id 1CtwxQ-000Ew6-Kg; Wed, 26 Jan 2005 23:52:20 +0000
Date: Wed, 26 Jan 2005 23:52:20 +0000
From: Dick Davies
To: Albert Shih
Message-ID: <20050126235220.GI57113@eris.tenfour>
References: <20050126220336.GA23003@math.jussieu.fr>
    <20050126232802.GH57113@eris.tenfour>
    <20050126233130.GA5551@math.jussieu.fr>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20050126233130.GA5551@math.jussieu.fr>
User-Agent: Mutt/1.4.2.1i
cc: FreeBSD Questions
Subject: Re: Authentication with ldap very slow
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: Dick Davies
List-Id: User questions
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Wed, 26 Jan 2005 23:52:24 -0000

* Albert Shih [0131 23:31]:
> On 26/01/2005 at 23:28:02+0000, Dick Davies wrote
> > * Albert Shih [0105 22:05]:
> > > Hi
> > >
> > > I've a server (FreeBSD 5.3-p5) to use an openldap for authentication.
> > >
> > > Everything works fine but....it's very slow when some operation needs to know
> > > the id <--> uid. For example if I try to execute some
> > >
> > > cd /home
> > > ls -l *
> > >
> > > It's very very slow.
> > Are you on a dialup or something?
>
> no on 100 Mbits/s switching network ;-) soon on 1Gbits/s ;-))

Weird - I've got a wireless (11mbit) client using nss_ldap via startTLS and have no
trouble at all (and the server is a 600MHz mini-itx box).

I just tried:

  make /tmp/mydir
  ls -lR that
  and tcpdump what I'm sending to the server
  (about a dozen lines of output)

  ls -lR /usr/local/misc (about 3Gb of mp3s owned by me)
  and tcpdump what I'm sending to the server
  (about a dozen lines of output)

so it looks like only the one query is done by ls (i.e. it only looks up the name
when it displays the output).

How many directories are under /home? Unless we're talking hundreds, it shouldn't be
more than a second or so delay, tops.

It doesn't appear to be caching (repeating the ls a couple of seconds later sends the
same query), but then I don't think that accounts for your huge delays.

It's definitely the uid lookup? Not NFS /home or something
(Is ls * much faster than ls -l)?

Anything in your logs? I know you can turn on debugging in PAM, don't know how to do
it in nsswitch....

-- 
'One cannot make an omelette without breaking eggs -- but it is amazing
how many eggs one can break without making a decent omelette.'
    -- Charles P. Issawi
Rasputin :: Jack of All Trades - Master of Nuns
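
An added example, not part of the original message: a small Python script that separates the two suspects raised in this reply, the filesystem stat pass and the uid-to-name lookup, and repeats the lookup to show whether anything caches it. The function names and the default `/home` target are assumptions of this example; `pwd.getpwuid` goes through the system's libc name-service lookup, and only the top-level entries of the directory are examined.

```python
import os
import pwd
import sys
import time


def owner_uids(directory):
    """Distinct owner uids of entries directly under `directory` (lstat only, no name lookup)."""
    with os.scandir(directory) as entries:
        return sorted({e.stat(follow_symlinks=False).st_uid for e in entries})


def timed_resolve(uid, resolve):
    """Resolve one uid; return (name or None, seconds). pwd raises KeyError for unknown uids."""
    start = time.perf_counter()
    try:
        name = resolve(uid).pw_name
    except KeyError:
        name = None
    return name, time.perf_counter() - start


def profile(directory, resolve=pwd.getpwuid, rounds=2):
    """Time the stat pass, then `rounds` passes of uid -> name resolution.

    If every round is slow, each lookup is reaching the name-service backend
    uncached; a slow stat pass points at the filesystem (e.g. NFS) instead.
    """
    start = time.perf_counter()
    uids = owner_uids(directory)
    stat_secs = time.perf_counter() - start
    passes = [{uid: timed_resolve(uid, resolve) for uid in uids} for _ in range(rounds)]
    return {"stat_secs": stat_secs, "uids": uids, "rounds": passes}


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "/home"  # assumed default
    report = profile(target)
    print(f"stat pass over {target}: {report['stat_secs']:.4f}s, "
          f"{len(report['uids'])} distinct uids")
    for number, results in enumerate(report["rounds"], start=1):
        total = sum(secs for _, secs in results.values())
        print(f"lookup round {number}: {total:.4f}s total")
        for uid, (name, secs) in results.items():
            print(f"  uid {uid} -> {name or '(unresolved)'} in {secs:.4f}s")
```

Run it with the directory as its argument while a packet capture is watching the LDAP server, and compare the per-uid times with the queries seen on the wire.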