Date:      Fri, 19 Feb 2010 12:22:56 +0100
From:      Pascal Levy <pascal.levy@univ-paris1.fr>
To:        freebsd-questions@freebsd.org
Subject:   nss_ldap for very large directory
Message-ID:  <201002191222.58597.pascal.levy@univ-paris1.fr>

Hello,

I'm trying to set up LDAP authentication and nsswitch stuff for FreeBSD 8.

I configured pam with pam_krb5 for auth and pam_ldap for account.
I use nss_ldap for the group and password databases with sasl on, meaning that
processes with uid 0 bind to LDAP with rootbinddn and user processes bind with
their GSSAPI/Kerberos credentials.

Everything works fine... except that I can't use nss_getgrent_skipmembers in
nss_ldap.conf. If I set it to yes, users don't have their group set at all
(only the gid one). This works well with Debian...

We have a very large directory here (about 50 000 active users, 4000 groups,
some with thousands of members...) so I definitely need FreeBSD not to look up
every user in every group for each operation...

Otherwise, I haven't found a useful document for setting up nscd for a very large
configuration.

Thanks in advance and sorry for my English,

Pascal

--
Pascal Levy
Systems, networks and IS engineer

Université Paris 1 Panthéon-Sorbonne
Centre de ressources informatiques et du réseau (CRIR)
Pôle Infrastructures
90 rue de Tolbiac
75634 Paris Cedex 13
Tel: 01 44 07 88 81 / 06 45 62 67 57
http://crir.univ-paris1.fr
