We've be toying with pam_ldap for sometime now. It looks like RH 7.1 almost has it right, out of the box. We have passwd and group files exported into the ldap and pam/nsswitch configure to use the ldap. Logins are working great except for being very slow. We've run the sldap in debug mode (-d 256) and have notice that the slowness appears to be coming from the group filter pam/nsswitch is running against the ldap. This is the filter from slapd debug: conn=0 op=2 SRCH base="dc=musc,dc=edu" scope=2 filter="(&(objectClass=posixGroup)(|(memberUid=root) (uniqueMember=uid=testuser,ou=People,dc=musc,dc=edu)))" Our guess is that the problem lies with "uniqueMember" being used instead of "memberuid". We have ldap.conf on the client configure to use "memberuid", but it appears to be ignored. ldap.conf snip: # Group member attribute pam_member_attribute memberuid Anyone have any thoughts or ideas? Thanks in advance. -- brought to you by, Matthew Gregg... one of the friendly folks in the IT Lab. --------------------------------------\ The IT Lab (http://www.itlab.musc.edu) \____________________ Probably the world's premier software development center. Serving: Programming, Tools, Ice Cream, Seminars
