Re: saslauthd performance anxiety

From: (no name) (no email)
Date: Thu Jan 09 2003 - 06:34:41 EST


On Wed, 1 Jan 2003, Igor Brezac wrote:

> On Wed, 1 Jan 2003 wrote:
> [...]
> > Can anyone offer advice on tuning the saslauthd pool? Are there particular
> > options, either on the command line or in saslauthd.conf, which I should
> > be looking at?
>
> Try using 'ldap_auth_method: custom'. It is up to three times faster
> than the 'bind' method.

Thanks for the suggestion. Unfortunately 'custom' wasn't an option for
us, although we certainly could have benefited from it. The reason we
can't use it is that to support password migration our shell back-end does
mad things like:

   try binding to new server;
   if (failure) {
      try binding to old server;
      if (success)
         update user password in new server for next time;
   }

Don't look at me, I just inherited it :-)

This logic (to use the term loosely) makes it impossible to return a
sensible response to a search on userPassword. Instead, I committed a
gross hack and implemented a new method called auth_fastbind. It does away
with the search and extra anonymous bind in auth_bind by making two
assumptions:

   1. Expanding the ldap_filter expression gives the fully-qualified DN
   2. There is no cost to staying bound as a named user

These held for our shell back-end, but I don't know how applicable they
are to wider use. Still, if anyone's interested I've attached the patch
(against 2.1.10).

Simon Brady mailto:
Systems Specialist Ph. +64 3 479-5217
ITS Technical Services Fax +64 3 479-5080
University of Otago, Dunedin, New Zealand Mobile +64 27 411-6045
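
An added example, not part of the original post or the attached patch: one way to build the bind DN when assumption 1 holds and the expanded template is used directly, escaping the user-supplied name and refusing empty passwords. The function names and the support for only `%u` and `%%` are assumptions of this example.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper (not from the patch): expand "%u" in a DN template,
 * backslash-escaping DN-special characters (RFC 4514); "%%" yields '%'.
 * Returns 0 on success, -1 on bad input or if out is too small. */
int expand_dn(const char *tmpl, const char *user, char *out, size_t cap)
{
    size_t n = 0;

    if (!tmpl || !user || !out || cap == 0 || *user == '\0')
        return -1;
    for (const char *t = tmpl; *t; t++) {
        if (*t != '%') {
            if (n + 1 >= cap) return -1;
            out[n++] = *t;
        } else if (t[1] == '%') {
            if (n + 1 >= cap) return -1;
            out[n++] = '%';
            t++;
        } else if (t[1] == 'u') {
            for (const unsigned char *u = (const unsigned char *)user; *u; u++) {
                if (*u < 0x20 || *u == 0x7f)
                    return -1;              /* refuse control bytes */
                if (strchr(",+\"\\<>;=# ", *u)) {
                    if (n + 1 >= cap) return -1;
                    out[n++] = '\\';        /* keep the name inside one RDN value */
                }
                if (n + 1 >= cap) return -1;
                out[n++] = (char)*u;
            }
            t++;
        } else {
            return -1;                      /* unknown or truncated token */
        }
    }
    out[n] = '\0';
    return 0;
}

/* An empty password with a non-empty DN is an "unauthenticated bind"
 * (RFC 4513 5.1.2) that many servers accept, so reject it before binding. */
int fastbind_prepare(const char *tmpl, const char *user, const char *password,
                     char *dn, size_t cap)
{
    if (!password || *password == '\0')
        return -1;
    return expand_dn(tmpl, user, dn, cap);
}
```

The DN in `dn` is what would be handed to the simple bind call; only a return of 0 here followed by a successful bind should count as an authenticated login.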