slow login with sssd and ldap config

[Eric Doutreleau]

thanks for your answer
well i have the problem when i don't set up
ldap_user_search_base and
ldap_group_search_base
but i discovered that ou=Groups,dc=int-evry,dc=fr contains nothing
our posix group are elsewhere
and when i put ldap_group_search_base with the good value i have the 
problem again
i guess i have to talk to the ldap guy to see if the data are correctly 
indexed.
do u know what i should index on group?

Le 10/06/2010 13:12, Stephen Gallagher a écrit :
> On 06/10/2010 05:50 AM, Eric Doutreleau wrote:
>> ahhh i took a day to write the mail and i found the solution 5 minutes
>> just after write the mail
>>
>> i add
>> ldap_group_search_base = ou=Groups,dc=int-evry,dc=fr
>> and it s far faster
>>
>> sorry to have disturbed
>>
>
> Hmm, this shouldn't have had a direct effect. If unspecified,
> ldap_group_search_base should default to being the same as
> ldap_search_base. Unless your LDAP server is incredibly large (and no
> indexing is being performed), setting this should not have a measurable
> effect. The primary purpose for this option is for LDAP deployments
> where users and groups are in vastly disparate sections of the tree.
>
> I'm more concerned that there's a bug in our processing when only one of
> the two options is specified. I'm CCing one of our upstream QE engineers
> to try and reproduce your original performance issue. I think you may
> have found a bug here.
>
> Eric, if you would also be willing to try it, I'm curious if you still
> see this problem with only ldap_search_base specified (without
> ldap_user_search_base and ldap_group_search_base)
>
>
>