slow ldap authentication



Let me start this issue with a little background. We use Microsoft
Active Directory as our LDAP server. Using validated Microsoft
components (Microsoft Services For Unix) we have extended its LDAP
schema to allow unix servers like unix to authenticate against AD's LDAP
server so that services like ssh, samba, su, ftp, etc. can use the MS
password db. I have had no issue with RHEL 2 AS, RHEL 3 AS using these
services. Everything has been great. I get fast lookups against AD for
authentication when I su/ssh/ftp/smb as any AD user. Life is pretty
good. When I use RHEL 4 AS, it works too, but there is a problem. If I
ssh/ftp/su/smb as root or any local /etc/passwd user, the response time
is fast. If I su/ssh/smb/ftp as an LDAP user (after AD is using LDAP,
just modified) the response time is ~15 seconds. If I enable nscd, the
first su/ssh/ftp/smb attempt takes ~15 seconds. The subsequent attempts
are almost instantaneous. On RHEL 2 AS and RHEL 3 AS, I do not even need
nscd to speed up lookups against AD for su/ssh/ftp/smb. What is the
problem with RHEL 4? I even did an up2date from U1 to U2 and this made
no difference. Is there anything I can do to speed up this lookup?
Again, RHEL AS 2 and 3 against the same AD server is always fast. It is
just RHEL 4 that seems slow. Granted, on RH AS 2 I compiled nss and pam
libraries to work with AD LDAP as RH AS. In other words, RHEL 2 and 3
do not work with Microsoft's implementation of LDAP unless you update
pam and nss libraries, not to mention openldap must be upgraded. On
RHEL4 everything works out of the box except for this lookup delay
problem. Let me know as this is critical for an upcoming migration from
RHEL AS 2 to RHEL 4 AS.


Thanks

Regards,

Komal

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list


