Date: Thu, 7 Apr 2005 19:00:21 -0400 (EDT) From: Matt Juszczak <matt@atopia.net> To: freebsd-questions@freebsd.org Subject: finger not working, service very slow with ldap Message-ID: <20050407185914.I83304@neptune.atopia.net>
next in thread | raw e-mail | index | archive | help
Howdy, Finger is working for some of my system accounts, and not others. A check of the log displays the following: Apr 7 16:50:29 uranus slapd[57684]: conn=85 op=0 BIND dn="cn=pamclient,ou=SystemAccounts,dc=mydomain,dc=net" method=128 Apr 7 16:50:29 uranus slapd[57684]: conn=85 op=0 BIND dn="cn=pamclient,ou=SystemAccounts,dc=mydomain,dc=net" mech=SIMPLE ssf=0 Apr 7 16:50:29 uranus slapd[57684]: conn=85 op=0 RESULT tag=97 err=0 text= Apr 7 16:50:29 uranus slapd[57684]: conn=85 op=1 SRCH base="ou=People,dc=mydomain,dc=net" scope=1 deref=0 filter="(objectClass=posixAccount)" Apr 7 16:50:29 uranus slapd[57684]: conn=85 op=1 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass Apr 7 16:50:30 uranus slapd[57684]: conn=85 op=1 SEARCH RESULT tag=101 err=4 nentries=500 text= Apr 7 16:50:30 uranus slapd[57684]: conn=85 fd=19 closed and it returns "user mjuszczak not found". Whats funny is that it returns 500 entries, even though there is only one mjuszczak user. This could also be the reason that logging into the server is taking absolutely forever. A login takes about a minute, and the tail -f of ldap.log with loglevel 128 shows it searching every single user, all 7000 ... for some reason. Could my indexes in slapd.conf possibly be off, or is this something I messed up in freebsd's pam.d? Here is the index list btw for slapd.conf, but of course if this is an ldap problem I will be contacting that email list anyway. index objectClass eq index sudoUser pres,eq index uid pres,eq Thanks in advance! -Matt
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050407185914.I83304>