On 06/10/2010 05:09 PM, Eric Doutreleau wrote:
> Thanks for your answer.
> Well, I have the problem when I don't set up
> ldap_user_search_base and
> ldap_group_search_base,
> but I discovered that ou=Groups,dc=int-evry,dc=fr contains nothing;
> our POSIX groups are elsewhere,
> and when I put ldap_group_search_base with the good value I have the
> problem again.
> I guess I have to talk to the LDAP guy to see if the data are correctly
> indexed.
> Do you know what I should index on group?
>
> On 10/06/2010 13:12, Stephen Gallagher wrote:
>> On 06/10/2010 05:50 AM, Eric Doutreleau wrote:
>>> Ahhh, I took a day to write the mail and I found the solution 5 minutes
>>> just after writing the mail.
>>>
>>> I added
>>> ldap_group_search_base = ou=Groups,dc=int-evry,dc=fr
>>> and it's far faster.
>>>
>>> Sorry to have disturbed.
>>>
>>
>> Hmm, this shouldn't have had a direct effect. If unspecified,
>> ldap_group_search_base should default to being the same as
>> ldap_search_base. Unless your LDAP server is incredibly large (and no
>> indexing is being performed), setting this should not have a measurable
>> effect. The primary purpose for this option is for LDAP deployments
>> where users and groups are in vastly disparate sections of the tree.
>>
>> I'm more concerned that there's a bug in our processing when only one of
>> the two options is specified. I'm CCing one of our upstream QE engineers
>> to try and reproduce your original performance issue. I think you may
>> have found a bug here.
>>
>> Eric, if you would also be willing to try it, I'm curious if you still
>> see this problem with only ldap_search_base specified (without
>> ldap_user_search_base and ldap_group_search_base)
>>

Hi Eric,

I was unable to reproduce this issue on my test bed. My test is as follows:

OS: Fedora release 13 (Goddard)
Version: sssd-1.2.0-12.fc13.x86_64 & nss-pam-ldapd-0.7.6-2.fc13.x86_64

Method:
1. Configured sssd.conf as:

    [sssd]
    config_file_version = 2
    reconnection_retries = 3
    services = nss, pam
    domains = default

    [nss]
    filter_groups = root
    filter_users = root
    reconnection_retries = 3

    [pam]
    reconnection_retries = 3

    [domain/default]
    ldap_id_use_start_tls = False
    ldap_tls_reqcert = never
    cache_credentials = True
    ldap_search_base = dc=example,dc=com
    ldap_user_search_base = ou=People,dc=example,dc=com
    chpass_provider = none
    id_provider = ldap
    auth_provider = ldap
    debug_level = 9
    min_id = 1
    ldap_uri = ldap://ldap.server.hostname.com:389
    ldap_schema = rfc2307
    ldap_default_bind_dn = uid=puser1,ou=People,dc=example,dc=com
    ldap_default_authtok_type = password
    ldap_default_authtok = Secret123
    enumerate = False

2. Login with a valid user name and password.
3. Initial authentication takes ~12 seconds.
4. Tried with both ldap_user_search_base & ldap_group_search_base.
5. Tried with just ldap_group_search_base.

Did I miss anything important?

Thanks
--
Gowrishankar Rajaiyan <gsr@xxxxxxxxxx>
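An added example, not part of the thread and not SSSD project code: a small Python check that resolves the effective user and group search bases of a domain section using the fallback to ldap_search_base described above, and flags the connection settings in the posted test config that weaken LDAP transport protection. The function names are hypothetical, and the sample is constructed from the [domain/default] options in the test message.

```python
import configparser

# Constructed sample: the [domain/default] options from the test config above.
SAMPLE = """\
[domain/default]
ldap_id_use_start_tls = False
ldap_tls_reqcert = never
ldap_search_base = dc=example,dc=com
ldap_user_search_base = ou=People,dc=example,dc=com
ldap_uri = ldap://ldap.server.hostname.com:389
ldap_default_bind_dn = uid=puser1,ou=People,dc=example,dc=com
ldap_default_authtok_type = password
ldap_default_authtok = Secret123
"""

def load_domain(text, domain="default"):
    """Return the options of [domain/<name>] as a dict (hypothetical helper)."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return dict(cp["domain/" + domain])

def effective_bases(opts):
    """Unset user/group bases fall back to ldap_search_base, as the thread states."""
    base = opts.get("ldap_search_base")
    return {"user": opts.get("ldap_user_search_base", base),
            "group": opts.get("ldap_group_search_base", base)}

def transport_findings(opts):
    """Flag settings that weaken protection of the LDAP connection."""
    findings = []
    uris = [u.strip().lower() for u in opts.get("ldap_uri", "").split(",")]
    start_tls = opts.get("ldap_id_use_start_tls", "false").lower() == "true"
    if any(u.startswith("ldap://") for u in uris) and not start_tls:
        findings.append("identity lookups use ldap:// without StartTLS")
    if opts.get("ldap_tls_reqcert", "").lower() in ("never", "allow"):
        findings.append("server certificate is not verified")
    if ("ldap_default_authtok" in opts and
            opts.get("ldap_default_authtok_type", "password") == "password"):
        findings.append("bind password stored in clear text in sssd.conf")
    return findings

if __name__ == "__main__":
    opts = load_domain(SAMPLE)
    for kind, dn in effective_bases(opts).items():
        print(f"{kind} search base: {dn}")
    for finding in transport_findings(opts):
        print("WARNING:", finding)
```

With the test config, the group search base resolves to the whole dc=example,dc=com tree, which is the case the thread is trying to time.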