Re: LDAP Auth?

From: Ken Gourlay (ken@thechain.com)
Date: 07/29/02


Date: Mon, 29 Jul 2002 14:07:52 -0400
To: Drew Smith <drew@eastvan.bc.ca>
From: Ken Gourlay <ken@thechain.com>

Hi,
I spent a good deal of time trying to get LDAP authentication working.
Actually the authentication was fairly easy, but I wanted my LDAP server
to use a MySQL backend: that was a little more complicated. In any
case, after setting it all up, I tore it all down again because the
performance was terrible. I had 3 Red Hat servers and a database of
about 4000 users, and PAM would do very screwy things like request a
list of all the groups whenever a user logged in -- and the way LDAP
responds, it'd take the server at least several minutes to serve up the
resulting list. PAM could have been much more optimized to make this
work better, but in my situation I ended up better off with a "custom
solution". I wrote a crontab that would regenerate the local passwd and
shadow files on each server every couple minutes from the MySQL database
(yes, every couple minutes is fairly often, but it was still much less
CPU time than what LDAP would be doing). It was also much less coding
in the long run, because making everything work with LDAP would have
been a lot harder than just making everything work with itself, if you
know what I mean.

LDAP is nice, but depending on how many users you have, it may not be
efficient enough to do what you need done. I'm happy to talk to you
about more specific things, but I guess my immediate recommendation is
to strongly consider why you want to use LDAP as a standard before
jumping into it.

-- Ken Gourlay
-- Chain Communications, Inc.

On Tuesday, July 23, 2002, at 06:56 PM, Drew Smith wrote:

>
> Hey folks,
>
> I'm considering implementing LDAP authentication across our network of
> about 15 Red Hat machines. Problem is, I've never really used LDAP or
> been in an environment that uses it.
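
The approach described in the reply above (regenerating the local passwd and shadow files from a database on a timer), as an added Python example that is not the poster's script: it keeps local system accounts, rejects rows that would inject extra fields or claim a system UID, and replaces each file atomically. The row fields, the `MIN_UID` cutoff and the sample data are assumptions.

```python
import os, re, tempfile

NAME_RE = re.compile(r"^[a-z_][a-z0-9_-]{0,31}$")
MIN_UID = 1000  # assumption: lower UIDs are local system accounts, never synced

def valid(r, system_names):
    """Reject rows that could inject fields or shadow a system account."""
    text = (r["gecos"], r["home"], r["shell"], r["hash"])
    return (NAME_RE.match(r["name"]) is not None
            and r["name"] not in system_names
            and isinstance(r["uid"], int) and r["uid"] >= MIN_UID
            and isinstance(r["gid"], int) and r["gid"] >= MIN_UID
            and not any(c in f for f in text for c in ":\n\r")
            and r["hash"].startswith("$"))

def merge(passwd_text, shadow_text, rows):
    """Keep local system entries; rebuild all other entries from the rows."""
    pw = [l for l in passwd_text.splitlines() if l and int(l.split(":")[2]) < MIN_UID]
    system_names = {l.split(":")[0] for l in pw}
    sh = [l for l in shadow_text.splitlines() if l.split(":")[0] in system_names]
    rejected = []
    for r in rows:
        if not valid(r, system_names):
            rejected.append(r["name"])
            continue
        pw.append(":".join([r["name"], "x", str(r["uid"]), str(r["gid"]),
                            r["gecos"], r["home"], r["shell"]]))
        sh.append(r["name"] + ":" + r["hash"] + ":::::::")
    return "\n".join(pw) + "\n", "\n".join(sh) + "\n", rejected

def atomic_write(path, text, mode):
    """Write a 0600 temp file beside path, set mode, rename over path."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    try:
        os.fchmod(fd, mode)
        with os.fdopen(fd, "w") as f:
            f.write(text)
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise

def row(name, uid, gecos=""):  # constructed sample rows, standing in for the MySQL query
    return {"name": name, "uid": uid, "gid": uid, "gecos": gecos,
            "home": "/home/" + name, "shell": "/bin/bash", "hash": "$1$constructed$hash"}

PASSWD = "root:x:0:0:root:/root:/bin/bash\nolduser:x:1500:1500::/home/olduser:/bin/bash\n"
SHADOW = "root:$1$constructed$hash:::::::\nolduser:$1$constructed$hash:::::::\n"
ROWS = [row("alice", 2001, "Alice"), row("mallory", 2002, "x\nextra:x:0:0::/:/bin/sh"),
        row("root", 2003), row("bob", 0)]
```

`merge(PASSWD, SHADOW, ROWS)` returns the two file bodies plus the rejected names; a cron job would pass each body to `atomic_write` with mode `0o644` for passwd and `0o600` for shadow, so a login never sees a half-written file.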


