Date: Sun, 6 Oct 2024 16:04:01 -0400 From: David Cross <david@crossfamilyweb.com> To: Marek Zarychta <zarychtam@plan-b.pwste.edu.pl> Cc: FreeBSD Hackers <freebsd-hackers@freebsd.org> Subject: Re: Review D38047 ... and then there was one.... Message-ID: <5FCA5CA0-7F07-44A7-95A3-672AB8C2C6A1@crossfamilyweb.com> In-Reply-To: <6bfd6c61-38aa-4038-b54b-6c17b5b69ada@plan-b.pwste.edu.pl> References: <6bfd6c61-38aa-4038-b54b-6c17b5b69ada@plan-b.pwste.edu.pl>
next in thread | previous in thread | raw e-mail | index | archive | help
Here’s the thing. The current implementation of nscd DOESN’T WORK at all. There is a symbol that nscd exports that libc is supposed to use as a flag to bypass lookups for nscd itself. But that symbol isn’t exported right. You will need to recompile libc and nscd. (I just do a buildworld to make sure i get everything as there are makefile changes related to the aforementioned symbol changes. And then after that make sure to check getgroupentries too > On Oct 6, 2024, at 3:57 PM, Marek Zarychta <zarychtam@plan-b.pwste.edu.pl> wrote: > > W dniu 6.10.2024 o 20:35, David E. Cross pisze: >> Please, love to get some eyes on this. As it stands nscd is completely useless for LDAP for getgroupmembership (and really ANY implementation that defines a specific implementation of getgroupmembership, since it will then bypass the non-existent NSCD version). Additionally it fixes bugs with negative caching as well as increases thread safety. > > Thank you for this patch. I am not competent to review this code, but can test it. Really, our nscd with LDAP is a nightmare. I have set filters to narrow lookups, but with full directory, when nscd is runnig I have have such timings: > > [host] ~# /usr/bin/time getent passwd > /dev/null > 0.62 real 0.06 user 0.15 sys > [host] ~# /usr/bin/time getent passwd > /dev/null > 0.47 real 0.07 user 0.12 sys > [host] ~# /usr/bin/time getent passwd > /dev/null > 0.46 real 0.04 user 0.15 sys > > After stopping nscd service: > > [host] ~# /usr/bin/time getent passwd > /dev/null > 0.15 real 0.03 user 0.06 sys > [host] ~# /usr/bin/time getent passwd > /dev/null > 0.16 real 0.01 user 0.08 sys > > Unfortunately, with this patch applied there is no much improvement: > > [host] ~# /usr/bin/time getent passwd > /dev/null > 0.65 real 0.03 user 0.19 sys > [host] ~# /usr/bin/time getent passwd > /dev/null > 0.48 real 0.02 user 0.22 sys > [host] ~# /usr/bin/time getent passwd > /dev/null > 0.43 real 0.06 user 0.12 sys > > The test were run on most recent stable/14 with net/nss-pam-ldapd as a Name Service Switch module for LDAP lookup. > > -- > Marek Zarychta >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5FCA5CA0-7F07-44A7-95A3-672AB8C2C6A1>