Are you sure the searches are from pam_ldap? They may be from nss_ldap.
In nss_ldap-258, you can disable enumeration completely with the
nss_getgrent_skipmembers option in ldap.conf. Or, try disabling services
such as finger that call getgrent().
-- Luke
luca regini wrote:
> I am using pam ldap module to interface to a directory service
> containing identity information. My directory contains a very big
> number of groups, in the order of some thousands. Sniffing the network
> I see that a lot of global searches (requests for all the groups in
> the directory) are sent toward the directory. This causes a lot of
> network traffic and poses some awkward scalability problems. Is there
> any way to avoid this kind of queries, or is there any way to solve
> this scalability problem???
> Thanks in advance,
> Luca Regini.
>
>
--
www.padl.com | www.fghr.net