LDAP Authentication Tweaks

If LDAP authentication seems to have issues with slow response times, try making a few adjustments on the client to see if they help.

LDAP.CONF

If you don't need to search the entire LDAP tree, don't! Restrict the base search suffix as much as possible and make the appropriate changes to:

nss_base_group
nss_base_passwd
nss_base_shadow

Also ensure that you have set the ldap_bind_policy to soft.

Note: You do not need to restart services for the changes to take effect.

NSCD.CONF

The caching daemon can definitely make a huge difference to response time. The following changes are recommended, but read the man pages if you aren't sure, as there are some drawbacks to making these changes (although it hasn't impacted my situation at all - yet!).

reload-count unlimited
positive-time-to-live passwd 2592000
negative-time-to-live passwd 20
positive-time-to-live passwd 2592000
negative-time-to-live passwd 20
positive-time-to-live passwd 2592000
negative-time-to-live passwd 0

Note: As far as I know, you will need to restart services for these changes to take effect:

# rcnscd restart
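
One drawback of the NSCD.CONF values above is that a long positive TTL lets nscd keep answering from cache after an entry has changed or been removed in LDAP. The script below is an added example, not part of the original page: it parses the TTL directives, reports any directive/service pair set more than once, and flags positive TTLs above a threshold. The `audit` function, the `MAX_POSITIVE` threshold and the "last directive wins" rule are assumptions of this example.

```python
"""Audit nscd.conf TTL directives (added example; not from the original page)."""
from collections import defaultdict

# Constructed sample: the directives exactly as listed in the NSCD.CONF section.
SAMPLE = """\
reload-count unlimited
positive-time-to-live passwd 2592000
negative-time-to-live passwd 20
positive-time-to-live passwd 2592000
negative-time-to-live passwd 20
positive-time-to-live passwd 2592000
negative-time-to-live passwd 0
"""

TTL_KEYS = ("positive-time-to-live", "negative-time-to-live")
MAX_POSITIVE = 3600  # hypothetical policy threshold in seconds; tune per site


def audit(text, max_positive=MAX_POSITIVE):
    """Return (effective, findings) for the TTL directives in an nscd.conf body."""
    seen = defaultdict(list)  # (directive, service) -> [(lineno, value), ...]
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) == 3 and fields[0] in TTL_KEYS and fields[2].isdigit():
            seen[(fields[0], fields[1])].append((lineno, int(fields[2])))

    effective, findings = {}, []
    for (key, service), hits in seen.items():
        # Assumption: directives are applied in file order, so the last one wins.
        effective[(key, service)] = hits[-1][1]
        if len(hits) > 1:
            lines = ", ".join(str(n) for n, _ in hits)
            findings.append(f"{key} {service}: set {len(hits)} times (lines {lines})")
    for (key, service), value in effective.items():
        if key == "positive-time-to-live" and value > max_positive:
            findings.append(
                f"{service}: entries may be served from cache for "
                f"{value / 86400:.1f} days after they change or are removed in LDAP")
    return effective, findings


if __name__ == "__main__":
    effective, findings = audit(SAMPLE)
    for (key, service), value in sorted(effective.items()):
        print(f"{key} {service} = {value}")
    for finding in findings:
        print("WARN:", finding)
```

To check a live client, pass the contents of /etc/nscd.conf to `audit` instead of `SAMPLE`.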