Date: Fri, 19 Feb 2010 12:22:56 +0100 From: Pascal Levy <pascal.levy@univ-paris1.fr> To: freebsd-questions@freebsd.org Subject: nss_ldap for very large directory Message-ID: <201002191222.58597.pascal.levy@univ-paris1.fr>
index | next in thread | raw e-mail
Hello, I'm trying to set up ldap authentification and nsswitch stuff for freebsd 8. I configured pam with pam_krb5 for auth and pam_ldap for account I use nss_ldap for group and password database with sasl on, meaning that process with uid 0 bind to ldap with rootbinddn and users process bind with their GSSAPI/Kerberos credentials. Everything works fine.... except that I can't use nss_getgrent_skipmembers in nss_ldap.conf. If I set it to yes, users don't have their group set at all (only the gid one). This work well with Debian... We have a very large directory here (about 50 000 active users, 4000 groups, some with thousands of members...) so I definitely need freebsd not to lookup for every users in every group for each operation... Else, I haven't found usefull document for setting nscd for very large configuration. thanks in advance and sorry for my english, Pascal -- Pascal Levy Ingénieur système, réseaux, SI Université Paris 1 Panthéon-Sorbonne Centre de ressources informatiques et du réseau (CRIR) Pôle Infrastructures 90 rue de Tolbiac 75634 Paris Cedex 13 tél : 01 44 07 88 81 / 06 45 62 67 57 http://crir.univ-paris1.fr -- Ce message a ete verifie par MailScanner pour des virus ou des polluriels et rien de suspect n'a ete trouve.help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201002191222.58597.pascal.levy>