Date: Sun, 6 Oct 2024 16:04:01 -0400 From: David Cross <david@crossfamilyweb.com> To: Marek Zarychta <zarychtam@plan-b.pwste.edu.pl> Cc: FreeBSD Hackers <freebsd-hackers@freebsd.org> Subject: Re: Review D38047 ... and then there was one.... Message-ID: <5FCA5CA0-7F07-44A7-95A3-672AB8C2C6A1@crossfamilyweb.com> In-Reply-To: <6bfd6c61-38aa-4038-b54b-6c17b5b69ada@plan-b.pwste.edu.pl> References: <6bfd6c61-38aa-4038-b54b-6c17b5b69ada@plan-b.pwste.edu.pl>
next in thread | previous in thread | raw e-mail | index | archive | help
Here=E2=80=99s the thing. The current implementation of nscd DOESN=E2=80=99T= WORK at all. There is a symbol that nscd exports that libc is supposed to u= se as a flag to bypass lookups for nscd itself. But that symbol isn=E2=80=99= t exported right.=20 You will need to recompile libc and nscd. (I just do a buildworld to make su= re i get everything as there are makefile changes related to the aforementio= ned symbol changes.=20 And then after that make sure to check getgroupentries too > On Oct 6, 2024, at 3:57=E2=80=AFPM, Marek Zarychta <zarychtam@plan-b.pwste= .edu.pl> wrote: >=20 > =EF=BB=BFW dniu 6.10.2024 o 20:35, David E. Cross pisze: >> Please, love to get some eyes on this. As it stands nscd is completely u= seless for LDAP for getgroupmembership (and really ANY implementation that d= efines a specific implementation of getgroupmembership, since it will then b= ypass the non-existent NSCD version). Additionally it fixes bugs with negat= ive caching as well as increases thread safety. >=20 > Thank you for this patch. I am not competent to review this code, but can t= est it. Really, our nscd with LDAP is a nightmare. I have set filters to nar= row lookups, but with full directory, when nscd is runnig I have have such t= imings: >=20 > [host] ~# /usr/bin/time getent passwd > /dev/null > 0.62 real 0.06 user 0.15 sys > [host] ~# /usr/bin/time getent passwd > /dev/null > 0.47 real 0.07 user 0.12 sys > [host] ~# /usr/bin/time getent passwd > /dev/null > 0.46 real 0.04 user 0.15 sys >=20 > After stopping nscd service: >=20 > [host] ~# /usr/bin/time getent passwd > /dev/null > 0.15 real 0.03 user 0.06 sys > [host] ~# /usr/bin/time getent passwd > /dev/null > 0.16 real 0.01 user 0.08 sys >=20 > Unfortunately, with this patch applied there is no much improvement: >=20 > [host] ~# /usr/bin/time getent passwd > /dev/null > 0.65 real 0.03 user 0.19 sys > [host] ~# /usr/bin/time getent passwd > /dev/null > 0.48 real 0.02 user 0.22 sys > [host] ~# /usr/bin/time getent passwd > /dev/null > 0.43 real 0.06 user 0.12 sys >=20 > The test were run on most recent stable/14 with net/nss-pam-ldapd as a Nam= e Service Switch module for LDAP lookup. >=20 > -- > Marek Zarychta >=20
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5FCA5CA0-7F07-44A7-95A3-672AB8C2C6A1>