From nobody Sun Oct  6 20:04:01 2024
X-Original-To: freebsd-hackers@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4XMCvK30pdz5YT6C
	for <freebsd-hackers@mlmmj.nyi.freebsd.org>; Sun, 06 Oct 2024 20:05:33 +0000 (UTC)
	(envelope-from david@crossfamilyweb.com)
Received: from mail.dcrosstech.com (syn-024-097-005-251.biz.spectrum.com [24.97.5.251])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mail.dcrosstech.com", Issuer "DCrossTech.com LLC CA" (not verified))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4XMCvJ5NNRz4gPK
	for <freebsd-hackers@freebsd.org>; Sun,  6 Oct 2024 20:05:32 +0000 (UTC)
	(envelope-from david@crossfamilyweb.com)
Authentication-Results: mx1.freebsd.org;
	none
X-Virus-Scanned: amavisd-new at dcrosstech.com
Received: from smtpclient.apple (211.sub-174-231-53.myvzw.com [174.231.53.211])
	(authenticated bits=0)
	by mail.dcrosstech.com (8.15.2/8.15.2) with ESMTPSA id 496K4nje031524
	(version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NO);
	Sun, 6 Oct 2024 20:05:12 GMT
	(envelope-from david@crossfamilyweb.com)
X-Authentication-Warning: mail.priv.dcrosstech.com: Host 211.sub-174-231-53.myvzw.com [174.231.53.211] claimed to be smtpclient.apple
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
From: David Cross <david@crossfamilyweb.com>
List-Id: Technical discussions relating to FreeBSD <freebsd-hackers.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers
List-Help: <mailto:freebsd-hackers+help@freebsd.org>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Subscribe: <mailto:freebsd-hackers+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-hackers+unsubscribe@freebsd.org>
Sender: owner-freebsd-hackers@FreeBSD.org
Mime-Version: 1.0 (1.0)
Subject: Re: Review D38047 ... and then there was one....
Date: Sun, 6 Oct 2024 16:04:01 -0400
Message-Id: <5FCA5CA0-7F07-44A7-95A3-672AB8C2C6A1@crossfamilyweb.com>
References: <6bfd6c61-38aa-4038-b54b-6c17b5b69ada@plan-b.pwste.edu.pl>
Cc: FreeBSD Hackers <freebsd-hackers@freebsd.org>
In-Reply-To: <6bfd6c61-38aa-4038-b54b-6c17b5b69ada@plan-b.pwste.edu.pl>
To: Marek Zarychta <zarychtam@plan-b.pwste.edu.pl>
X-Mailer: iPhone Mail (22A3370)
X-Rspamd-Pre-Result: action=no action;
	module=replies;
	Message is reply to one we originated
X-Spamd-Result: default: False [-4.00 / 15.00];
	REPLY(-4.00)[];
	ASN(0.00)[asn:11351, ipnet:24.97.0.0/16, country:US]
X-Rspamd-Queue-Id: 4XMCvJ5NNRz4gPK
X-Spamd-Bar: ----

Here=E2=80=99s the thing. The current implementation of nscd DOESN=E2=80=99T=
 WORK at all. There is a symbol that nscd exports that libc is supposed to u=
se as a flag to bypass lookups  for nscd itself. But that symbol isn=E2=80=99=
t exported right.=20

You will need to recompile libc and nscd. (I just do a buildworld to make su=
re i get everything as there are makefile changes related to the aforementio=
ned symbol changes.=20

And then after that make sure to check getgroupentries too

> On Oct 6, 2024, at 3:57=E2=80=AFPM, Marek Zarychta <zarychtam@plan-b.pwste=
.edu.pl> wrote:
>=20
> =EF=BB=BFW dniu 6.10.2024 o 20:35, David E. Cross pisze:
>> Please, love to get some eyes on this.  As it stands nscd is completely u=
seless for LDAP for getgroupmembership (and really ANY implementation that d=
efines a specific implementation of getgroupmembership, since it will then b=
ypass the non-existent NSCD version).  Additionally it fixes bugs with negat=
ive caching as well as increases thread safety.
>=20
> Thank you for this patch. I am not competent to review this code, but can t=
est it. Really, our nscd with LDAP is a nightmare. I have set filters to nar=
row lookups, but with full directory, when  nscd is runnig I have have such t=
imings:
>=20
> [host] ~# /usr/bin/time getent passwd > /dev/null
>         0.62 real         0.06 user         0.15 sys
> [host] ~# /usr/bin/time getent passwd > /dev/null
>         0.47 real         0.07 user         0.12 sys
> [host] ~# /usr/bin/time getent passwd > /dev/null
>         0.46 real         0.04 user         0.15 sys
>=20
> After stopping nscd service:
>=20
> [host] ~# /usr/bin/time getent passwd > /dev/null
>         0.15 real         0.03 user         0.06 sys
> [host] ~# /usr/bin/time getent passwd > /dev/null
>         0.16 real         0.01 user         0.08 sys
>=20
> Unfortunately, with this patch applied there is no much improvement:
>=20
> [host] ~# /usr/bin/time getent passwd > /dev/null
>         0.65 real         0.03 user         0.19 sys
> [host] ~# /usr/bin/time getent passwd > /dev/null
>         0.48 real         0.02 user         0.22 sys
> [host] ~# /usr/bin/time getent passwd > /dev/null
>         0.43 real         0.06 user         0.12 sys
>=20
> The test were run on most recent stable/14 with net/nss-pam-ldapd as a Nam=
e Service Switch module for LDAP lookup.
>=20
> --
> Marek Zarychta
>=20