From: Pascal Levy
Organization: Université Paris 1 Panthéon Sorbonne - CRIR
To: freebsd-questions@freebsd.org
Date: Fri, 19 Feb 2010 12:22:56 +0100
Message-Id: <201002191222.58597.pascal.levy@univ-paris1.fr>
Subject: nss_ldap for very large directory

Hello,

I'm trying to set up LDAP authentication and nsswitch stuff for FreeBSD 8.
I configured PAM with pam_krb5 for auth and pam_ldap for account.
I use nss_ldap for the group and password databases with SASL on, meaning that
processes with uid 0 bind to LDAP with rootbinddn and user processes bind with
their GSSAPI/Kerberos credentials.

Everything works fine... except that I can't use nss_getgrent_skipmembers in
nss_ldap.conf. If I set it to yes, users don't have their groups set at all
(only the gid one). This works well with Debian...

We have a very large directory here (about 50 000 active users, 4000 groups,
some with thousands of members...) so I definitely need FreeBSD not to look up
every user in every group for each operation...

Otherwise, I haven't found a useful document for setting up nscd for a very
large configuration.

Thanks in advance and sorry for my English,

Pascal

-- 
Pascal Levy
Systems, network and IS engineer
Université Paris 1 Panthéon-Sorbonne
Centre de ressources informatiques et du réseau (CRIR)
Pôle Infrastructures
90 rue de Tolbiac
75634 Paris Cedex 13
tel: 01 44 07 88 81 / 06 45 62 67 57
http://crir.univ-paris1.fr