Odd su problem

[chuck_theobald]

Hi,

I have an LDAP authentication server for users and groups, which I suspect may be involved in the issue I am having with su to root. On newer (2005.1-r1) installations, whenever I try "su -", I get a 15-second delay before the root prompt shows up. If I enter the incorrect password, the rejection comes in about 2-3 seconds. The OpenLDAP log is unhelpful in diagnosing this, and an strace on the su command does not reveal the cause of this delay. Is anyone else experiencing this problem? Has anyone found a fix?

The relevant emerges for my installations include nss_ldap, pam_ldap, openldap, and appropriate modifications to /etc/nsswitch.conf and /etc/pam.d/system-auth.

Thanks,
Chuck

[smerf]

maybe try setting bigger idle_timelimit (i.e. 36000) in /etc/ldap.conf
_________________
Microsoft is not the answer, Microsoft is the question, the answer is no.

[bunder]

is your ldap server under considerable load? i have seen auths slow to a crawl if the ldap server is chugging. try renicing slapd to -19.

bunder
_________________

[smerf]

hmm, for me -19 is somewhat too low, ldap may slow your system down, -10 sounds better (for me at least)
_________________
Microsoft is not the answer, Microsoft is the question, the answer is no.

[chuck_theobald]

Hi,

Thank you for the suggestion, but setting the timeout value had no effect on the slow login response. My LDAP server is very low load and responds quickly to other auth requests, it is only with su that I see the problem. Also, this occurs only for "su -", if I su to another user, the response time is normal. Could this be related to the LDAP server definition for "root"?

Regards,
Chuck

[smerf]

do you have root inside ldap? is this necessary?
_________________
Microsoft is not the answer, Microsoft is the question, the answer is no.

[chuck_theobald]

root is the cn assigned to the Netbios Domain Administrator. The uidNumber is not 0. This instance of root was created by the smbldap tools that I use to administer my LDAP server.