Date: Sun, 6 Oct 2024 16:17:01 -0400 From: David Cross <dcrosstech@gmail.com> To: Marek Zarychta <zarychtam@plan-b.pwste.edu.pl> Cc: David Cross <david@crossfamilyweb.com>, FreeBSD Hackers <freebsd-hackers@freebsd.org> Subject: Re: Review D38047 ... and then there was one.... Message-ID: <F5ADF6BE-DAF9-4741-A1DD-EDB81A3F6786@gmail.com> In-Reply-To: <5235bcad-4ff9-4aa1-97ac-30766e114cef@plan-b.pwste.edu.pl> References: <5235bcad-4ff9-4aa1-97ac-30766e114cef@plan-b.pwste.edu.pl>
next in thread | previous in thread | raw e-mail | index | archive | help
--Apple-Mail-697F7FFB-CB5F-46F7-86CF-38BA14C80E2C
Content-Type: text/html;
charset=utf-8
Content-Transfer-Encoding: quoted-printable
<html><head><meta http-equiv=3D"content-type" content=3D"text/html; charset=3D=
utf-8"></head><body dir=3D"auto"><div dir=3D"ltr"></div><div dir=3D"ltr">Hmm=
. It shouldn=E2=80=99t fail in that way regardless. Which version of freebsd=
are you running on?</div><div dir=3D"ltr"><br><blockquote type=3D"cite">On O=
ct 6, 2024, at 4:14=E2=80=AFPM, Marek Zarychta <zarychtam@plan-b.pwste.ed=
u.pl> wrote:<br><br></blockquote></div><blockquote type=3D"cite"><div dir=
=3D"ltr">=EF=BB=BF
=20
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3DUTF-8"=
>
=20
=20
<div class=3D"moz-cite-prefix">W dniu 6.10.2024 o 22:04, David Cros=
s
pisze:<br>
</div>
<blockquote type=3D"cite" cite=3D"mid:5FCA5CA0-7F07-44A7-95A3-672AB8C2C6=
A1@crossfamilyweb.com">
<pre wrap=3D"" class=3D"moz-quote-pre">Here=E2=80=99s the thing. The c=
urrent implementation of nscd DOESN=E2=80=99T WORK at all. There is a symbol=
that nscd exports that libc is supposed to use as a flag to bypass lookups =
for nscd itself. But that symbol isn=E2=80=99t exported right.=20
You will need to recompile libc and nscd. (I just do a buildworld to make su=
re i get everything as there are makefile changes related to the aforementio=
ned symbol changes.=20
</pre>
</blockquote>
<p>Yes, without world installed this patched nscd won't even start:</p>
<p></p>
<p>[host] /usr/src# service nscd start<br>
Starting nscd.<br>
limits: setrlimit pipebuf: Invalid argument<br>
/etc/rc.d/nscd: WARNING: failed to start nscd<br>
<span style=3D"white-space: pre-wrap">
</span></p>
<blockquote type=3D"cite" cite=3D"mid:5FCA5CA0-7F07-44A7-95A3-672AB8C2C6=
A1@crossfamilyweb.com">
<pre wrap=3D"" class=3D"moz-quote-pre">And then after that make sure t=
o check getgroupentries too</pre>
</blockquote>
<p>The number of groups is much lower, so the whole difference is
like 0.01 vs 0.02 s, but yes, lookup is 100% faster when nscd is=
not running (regardless to the state of the application of =
the
patch).<br>
</p>
<blockquote type=3D"cite" cite=3D"mid:5FCA5CA0-7F07-44A7-95A3-672AB8C2C6=
A1@crossfamilyweb.com">
<pre wrap=3D"" class=3D"moz-quote-pre">
</pre>
<blockquote type=3D"cite">
<pre wrap=3D"" class=3D"moz-quote-pre">On Oct 6, 2024, at 3:57=E2=80=
=AFPM, Marek Zarychta <a class=3D"moz-txt-link-rfc2396E" href=3D"mailto:zary=
chtam@plan-b.pwste.edu.pl"><zarychtam@plan-b.pwste.edu.pl></a> wrote:
=EF=BB=BFW dniu 6.10.2024 o 20:35, David E. Cross pisze:
</pre>
<blockquote type=3D"cite">
<pre wrap=3D"" class=3D"moz-quote-pre">Please, love to get some ey=
es on this. As it stands nscd is completely useless for LDAP for getgroupme=
mbership (and really ANY implementation that defines a specific implementati=
on of getgroupmembership, since it will then bypass the non-existent NSCD ve=
rsion). Additionally it fixes bugs with negative caching as well as increas=
es thread safety.
</pre>
</blockquote>
<pre wrap=3D"" class=3D"moz-quote-pre">Thank you for this patch. I a=
m not competent to review this code, but can test it. Really, our nscd with L=
DAP is a nightmare. I have set filters to narrow lookups, but with full dire=
ctory, when nscd is runnig I have have such timings:
[host] ~# /usr/bin/time getent passwd > /dev/null
0.62 real 0.06 user 0.15 sys
[host] ~# /usr/bin/time getent passwd > /dev/null
0.47 real 0.07 user 0.12 sys
[host] ~# /usr/bin/time getent passwd > /dev/null
0.46 real 0.04 user 0.15 sys
After stopping nscd service:
[host] ~# /usr/bin/time getent passwd > /dev/null
0.15 real 0.03 user 0.06 sys
[host] ~# /usr/bin/time getent passwd > /dev/null
0.16 real 0.01 user 0.08 sys
Unfortunately, with this patch applied there is no much improvement:
[host] ~# /usr/bin/time getent passwd > /dev/null
0.65 real 0.03 user 0.19 sys
[host] ~# /usr/bin/time getent passwd > /dev/null
0.48 real 0.02 user 0.22 sys
[host] ~# /usr/bin/time getent passwd > /dev/null
0.43 real 0.06 user 0.12 sys
The test were run on most recent stable/14 with net/nss-pam-ldapd as a Name S=
ervice Switch module for LDAP lookup.
--
Marek Zarychta
</pre>
</blockquote>
<pre wrap=3D"" class=3D"moz-quote-pre">
</pre>
</blockquote>
<p><br>
</p>
<pre class=3D"moz-signature" cols=3D"72">--=20
Marek Zarychta</pre>
=20
</div></blockquote></body></html>=
--Apple-Mail-697F7FFB-CB5F-46F7-86CF-38BA14C80E2C--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?F5ADF6BE-DAF9-4741-A1DD-EDB81A3F6786>