
I have a puppet master that is on a server that uses winbind connected to a university's large LDAP / Active Directory. When winbind is on, the puppet runs are extremely slow, and when winbind is turned off, the puppet runs are normal.

I believe that puppet might be looping through every user in Active Directory or something similar, but I'm unsure. It's not an option for me to turn off winbind, so I have been just dealing with the long puppet runs and haven't found a solution.

Any help is much appreciated.

  • Could not the master run on a VM that needs no LDAP connection? – Felix Frank May 21 '14 at 12:54
  • That's what I have been considering: moving the puppet master to a separate machine. The question is then, is it only the puppet master that needs to use NSS, or is it just puppet runs in general? – andrejbranch May 29 '14 at 16:53

1 Answer


According to this thread, an active LDAP client configuration on the master host does indeed incur a performance penalty, and an apparent solution is to reconfigure in nsswitch.conf. If that is not an option, a supposed mitigation strategy is a caching nscd.

Felix Frank
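To see which of the two options from the answer applies on a given host, the following added example (not part of the original question or answer) lists the NSS databases that `nsswitch.conf` routes to winbind or ldap and reports whether `nscd.conf` enables a cache for each. The sample files are constructed; the function names are hypothetical, and on a real master the inputs would be `/etc/nsswitch.conf` and `/etc/nscd.conf`.

```shell
#!/bin/sh
# Added example. The two sample files written below are constructed.

# remote_dbs NSSWITCH -> "db source" for each database routed to winbind or ldap
remote_dbs() {
    awk '{ sub(/#.*/, "") }                       # drop comments
         index($0, ":") {
             db = substr($0, 1, index($0, ":") - 1); gsub(/[ \t]/, "", db)
             n = split(substr($0, index($0, ":") + 1), src, /[ \t]+/)
             for (i = 1; i <= n; i++)
                 if (src[i] == "winbind" || src[i] == "ldap") print db, src[i]
         }' "$1"
}

# nscd_cached NSCD_CONF DB -> exit 0 if the last "enable-cache DB ..." says yes
nscd_cached() {
    awk -v db="$2" '{ sub(/#.*/, "") }
         $1 == "enable-cache" && $2 == db { state = $3 }
         END { exit (state == "yes" ? 0 : 1) }' "$1"
}

# report NSSWITCH NSCD_CONF -> "db source cached|uncached", one line per remote db
report() {
    remote_dbs "$1" | while read -r db src; do
        if nscd_cached "$2" "$db"; then c=cached; else c=uncached; fi
        echo "$db $src $c"
    done
}

# Constructed sample input so the script runs offline.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
SAMPLE_NSS="$tmp/nsswitch.conf"
SAMPLE_NSCD="$tmp/nscd.conf"
cat > "$SAMPLE_NSS" <<'EOF'
passwd:   files winbind
group:    files winbind   # AD groups
shadow:   files
hosts:    files dns
EOF
cat > "$SAMPLE_NSCD" <<'EOF'
enable-cache passwd yes
enable-cache group  no
enable-cache hosts  yes
EOF

report "$SAMPLE_NSS" "$SAMPLE_NSCD"
```

Any database reported as `uncached` goes to the directory service on every lookup made during a puppet run, so it is the one to either reconfigure in `nsswitch.conf` or enable in nscd.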