Hello,
I'm running few FreeBSD servers (7.3R and 8.2R). I've configured those servers so that remote (LDAP) users can log in. In particular, /etc/nsswitch.conf contains the line
Everything appears to work ok (ssh login…) except the top command.
When a user tries to run top, nothing is displayed, top runs but is trying to read the whole LDAP database. We have 140 K users into our LDAP, fortunately the LDAP server kills the connexion before the end of the request.
Of course, top -u works great, but I want id->login conversion.
Why would top read all the LDAP database, when it just needs to resolve a handful of ids? Is this a known problem? (I can't find any top/ldap related PR).
For now, I'm binding my FreeBSD servers against an LDAP proxy that prevents extensive requests: the proxy replies
and then top tries to resolve individual ids instead of reading the whole LDAP database. It's working great: top replies immediately, and displays every user names correctly (from LDAP and from /etc/passwd).
Is there any way to correct top's behavior without using a dedicated LDAP proxy?
I'm running few FreeBSD servers (7.3R and 8.2R). I've configured those servers so that remote (LDAP) users can log in. In particular, /etc/nsswitch.conf contains the line
Code:
passwd: cache files ldapEverything appears to work ok (ssh login…) except the top command.
When a user tries to run top, nothing is displayed, top runs but is trying to read the whole LDAP database. We have 140 K users into our LDAP, fortunately the LDAP server kills the connexion before the end of the request.
Of course, top -u works great, but I want id->login conversion.
Why would top read all the LDAP database, when it just needs to resolve a handful of ids? Is this a known problem? (I can't find any top/ldap related PR).
For now, I'm binding my FreeBSD servers against an LDAP proxy that prevents extensive requests: the proxy replies
Code:
The server is not configured to pass through control 1.2.840....Is there any way to correct top's behavior without using a dedicated LDAP proxy?
