We have a new iMac on Snow Leopard authenticating against an OpenLDAP directory. Homes are on (automounted) NFSv3 (Linux, kernel-server).
NFS seems to work pretty well (if a bit slow, but we don't want to risk not using locking).
When a user logs in using an LDAP account, however, weird things happen: Sometimes the machine hangs even before all the Desktop icons had been initialized, sometimes the user can work for a little while, but after a while the machine starts hanging: New processes by the user don't get off the ground, old processes cannot be quit (even force quit hangs). Sometimes early on, sometimes later, the dock doesn't react at all (does not show context menu for programmes) and the Finder won't take focus.
All the same, even if everything else seems to hang, I can log in via SSH and at least cleanly reboot the machine. SSH login works even for LDAP users. If I disable LDAP, everything seems to work normal for local users.
We used the OpenLDAP directory with RFC 2307 mapping. We only really use it for account data, so I tried removing any mappings except the Person, User and Group mappings in the Directory Utility. Both mappings have the same resulting misbehaviour.
Edit: This seems to be the same problem as this gentleman has: Apple Forums 1/2
Mac applications store most of their configurations for each user under their home directory:
~user/Library
If I understand correctly, the users who auth against LDAP server will have a nfs home directory, right? In that case, it sounds the applications are hanging either because the Library doesn't exists or the configs are being regenerated and there are a lot of transmits, or the connection Is just over saturated. I suspect that if you were to either run nfsstat or tcpdump on the server, you will see a lot of traffic from that client.
There are a few things you can try:
used nfs4 if you haven't done so already, as there is significant performance improvements with that version. Unfortunately, it seems that nfs4 under Leopard is of alpha quality and I could not find whether it has improved significantly under Lion.
mount the home directory as disk share. Not optimal, but at least configs are not over the network.
-copy the Library directory over to the home directory of each user. Depending on the number of users, this may not be scalable and if the apps performs a lot of I/O, will not alleviate the problem.
put the iMac on the wired network rather on the wifi to reduce latency.
as mentioned earlier, enable "Create Mobile account at login"
Your mac isn't connecting via wifi is it?
I know this solution isn't for everyone, but do you have the
Create Mobile account at loginbox checked? This is pretty necessary if you experience network blips, if your mac connects via wifi, or if you plan on taking your mac off-net ever.I experienced a huge speed increase in our macs authing against AD after we started using "mobile" accounts.