On Thu, 2002-12-05 at 16:26, Nick Urbanik wrote:
> We are using LDAP authentication for all our laboratory machines, using
> OpenLDAP 2.0.23 on RH 7.3. There are about 8000 user accounts, and the system
> has worked for a couple of years. It all works fine until we get requests like
> this at the rate of up to 345/second:
>
> base="uid=020526238,ou=People,dc=tyict,dc=vtc,dc=edu,dc=hk" scope=0
> filter="(objectClass=*)
> (many other user ids in the base for other queries)

It's been a while, but I'm poking around in nss_ldap to find out how some
things work...

This looks like a result of using rfc2307bis groups (using groups of
uniqueMember objects rather than memberUid objects). Since you're using
LDAP uids as the group members, the LDAP module has to resolve them to
Unix names, resulting in an additional query for every member of the
group being parsed.

This data is supposed to be cached locally. Perhaps it isn't caching on
your clients, or perhaps their caches are re-loading periodically.

You may get better performance by using posixGroups with memberUid
objects.
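
Added example, not part of the original post or of nss_ldap: one way to measure the per-member lookups described above by scanning slapd log lines for base-scope (objectClass=*) reads of uid= entries. The syslog timestamp prefix, the host name, the conn/op values and every sample line are constructed assumptions; only the base/scope/filter fields and the directory suffix come from the quoted request.

```python
import re
from collections import Counter

# Search fields as they appear in the quoted request: base="..." scope=N filter="..."
SRCH = re.compile(r'base="(?P<base>[^"]*)"\s+scope=(?P<scope>\d+)\s+filter="(?P<filter>[^"]*)"')
# Assumption: each log line starts with a classic syslog timestamp (one-second resolution).
STAMP = re.compile(r'^(?P<ts>[A-Z][a-z]{2}\s+\d+\s+\d\d:\d\d:\d\d)\s')
PEOPLE = "ou=People,dc=tyict,dc=vtc,dc=edu,dc=hk"  # suffix taken from the quoted request

def member_lookups(lines, people_suffix):
    """Yield (timestamp, base DN) for base-scope (objectClass=*) reads of user entries."""
    suffix = "," + people_suffix.lower()
    for line in lines:
        ts, m = STAMP.match(line), SRCH.search(line)
        if not (ts and m):
            continue  # not a search line, or no timestamp to bucket it by
        base = m["base"].lower()
        if (m["scope"] == "0" and m["filter"].lower() == "(objectclass=*)"
                and base.startswith("uid=") and base.endswith(suffix)):
            yield ts["ts"], m["base"]

def summarize(lines, people_suffix):
    """Return (peak lookups in one second, distinct user DNs, total lookups)."""
    per_second, dns = Counter(), set()
    for ts, base in member_lookups(lines, people_suffix):
        per_second[ts] += 1
        dns.add(base.lower())
    return max(per_second.values(), default=0), len(dns), sum(per_second.values())

def _line(ts, base, scope, flt):
    # Constructed log line; host name, pid, conn and op numbers are placeholders.
    return f'{ts} ldap1 slapd[1234]: conn=10 op=1 SRCH base="{base}" scope={scope} filter="{flt}"'

# Constructed sample: four member lookups plus one unrelated subtree search.
SAMPLE = [
    _line("Dec  5 16:20:01", f"uid=020526238,{PEOPLE}", 0, "(objectClass=*)"),
    _line("Dec  5 16:20:01", f"uid=000000001,{PEOPLE}", 0, "(objectClass=*)"),
    _line("Dec  5 16:20:01", f"uid=020526238,{PEOPLE}", 0, "(objectClass=*)"),
    _line("Dec  5 16:20:01", "dc=tyict,dc=vtc,dc=edu,dc=hk", 2, "(&(objectClass=posixGroup)(gidNumber=500))"),
    _line("Dec  5 16:20:02", f"uid=000000002,{PEOPLE}", 0, "(objectClass=*)"),
]

if __name__ == "__main__":
    print("peak/sec=%d distinct=%d total=%d" % summarize(SAMPLE, PEOPLE))
```

Comparing the total with the distinct count shows how often the same member entries are being fetched again, which is the figure to watch when checking the client caching the reply mentions.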