From nobody Sun Oct 6 20:17:01 2024 X-Original-To: freebsd-hackers@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4XMD8q6HLnz5YVV5 for ; Sun, 06 Oct 2024 20:17:15 +0000 (UTC) (envelope-from dcrosstech@gmail.com) Received: from mail-qt1-x82b.google.com (mail-qt1-x82b.google.com [IPv6:2607:f8b0:4864:20::82b]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "WR4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4XMD8q0q7Fz4k3j for ; Sun, 6 Oct 2024 20:17:15 +0000 (UTC) (envelope-from dcrosstech@gmail.com) Authentication-Results: mx1.freebsd.org; none Received: by mail-qt1-x82b.google.com with SMTP id d75a77b69052e-4582a0b438aso31707991cf.0 for ; Sun, 06 Oct 2024 13:17:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1728245834; x=1728850634; darn=freebsd.org; h=to:in-reply-to:cc:references:message-id:date:subject:mime-version :from:content-transfer-encoding:from:to:cc:subject:date:message-id :reply-to; bh=mtBmG92uzu4Z7Y6yIiDsLsqEFwl312eTIHJexqcQUiw=; b=LgiyQH+XEgDLom1lB/yXqxssnQWez7mb5t7tK+FF2Jah5xEm1XGQW9o3Lx4hfUgXEM AiPXtUtV/0MZ8ZVx1YWw8PGkkOUGwPxJc/B8+1is9HLxsJdnnvEu1qe6oZGllkYzexoo tSgcjN5xpMBQoyYuWdwbeQu3AePZihLVNQz41vWYsIe/jn6EQAuniKUHFMbbtvPBxrLr LH4G+Z91KvCqJR7jilIlb3UaRGdxF/qU29+ooQ1k5o4jL3gzuKJDzBivK2yypqe6qF3F IsksZQk57nDiYNkAJiGxZYTXVVRg3fj39zSss2m8rhL7/5wxRhm4h4K1obNa37r2isEY JEzA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1728245834; x=1728850634; h=to:in-reply-to:cc:references:message-id:date:subject:mime-version :from:content-transfer-encoding:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=mtBmG92uzu4Z7Y6yIiDsLsqEFwl312eTIHJexqcQUiw=; b=NPgh5pBuZtRCzjZXtaYZzCsvghzSycDFTANbL7scVXsFI7UPCWGu5FqKLXNQwowh9Q 3btyxOkKp1H6MbslqyD6LhpiTnppCtYz2HlquDWZSFDW9BLZGM0z2LxQDDYGWSnjrKKL 0pvgGqBwhhcU+97D89rrb0KTaZw76MGFmnibuPAoKq5FzAoWqwRF4oDaXtXqvfGegUvb MjcQLfKGiF37Mej1rJRbqGRyRjWyc+y0xChuObowe/ExkAsg30kUIwSHcyjYtdw8PGpT eUv4Y13c05xueqbFRfwlO40BXEH8fXQkJsrRHXUUp5srLNWc18knJK0Kx1GBRI0l4E1e F5SA== X-Forwarded-Encrypted: i=1; AJvYcCVzl0A+XuA987kAHPWjq5YSHrFpAEuw+TCv/CdjevvmA6A16T9wjXQ0Js0oJgSeS2SS7Brpvp9V6IikPLvolMU=@freebsd.org X-Gm-Message-State: AOJu0YxIsurpPaFczrJt7KhLyctVkZSvCXN69Q28MZcQdtqZg7QNL6J/ trPLXXgmTMsaAwizao2yC8xmOSMUoCkxwO18NLa853o+dbqN6h/5Ado9sQ== X-Google-Smtp-Source: AGHT+IHCKT/V1/JyUozQXgOzFtxXNlxOcyIUk8X4AAVcGyi/x/cVNmrEv4lUXpnwSejl4ooQL8CQkw== X-Received: by 2002:ac8:58d0:0:b0:458:14c8:3ed5 with SMTP id d75a77b69052e-45d9ba454d3mr164522271cf.22.1728245834201; Sun, 06 Oct 2024 13:17:14 -0700 (PDT) Received: from smtpclient.apple ([2600:1017:b0c7:642f:dd00:ec27:f3c8:336c]) by smtp.gmail.com with ESMTPSA id d75a77b69052e-45da75ed2e6sm19708741cf.76.2024.10.06.13.17.12 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sun, 06 Oct 2024 13:17:13 -0700 (PDT) Content-Type: multipart/alternative; boundary=Apple-Mail-697F7FFB-CB5F-46F7-86CF-38BA14C80E2C Content-Transfer-Encoding: 7bit From: David Cross List-Id: Technical discussions relating to FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-hackers List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-hackers@FreeBSD.org Mime-Version: 1.0 (1.0) Subject: Re: Review D38047 ... and then there was one.... Date: Sun, 6 Oct 2024 16:17:01 -0400 Message-Id: References: <5235bcad-4ff9-4aa1-97ac-30766e114cef@plan-b.pwste.edu.pl> Cc: David Cross , FreeBSD Hackers In-Reply-To: <5235bcad-4ff9-4aa1-97ac-30766e114cef@plan-b.pwste.edu.pl> To: Marek Zarychta X-Mailer: iPhone Mail (22A3370) X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US] X-Rspamd-Queue-Id: 4XMD8q0q7Fz4k3j X-Spamd-Bar: ---- --Apple-Mail-697F7FFB-CB5F-46F7-86CF-38BA14C80E2C Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable
Hmm= . It shouldn=E2=80=99t fail in that way regardless. Which version of freebsd= are you running on?

On O= ct 6, 2024, at 4:14=E2=80=AFPM, Marek Zarychta <zarychtam@plan-b.pwste.ed= u.pl> wrote:

=EF=BB=BF =20 =20 =20
W dniu 6.10.2024 o 22:04, David Cros= s pisze:
Here=E2=80=99s the thing. The c=
urrent implementation of nscd DOESN=E2=80=99T WORK at all. There is a symbol=
 that nscd exports that libc is supposed to use as a flag to bypass lookups =
 for nscd itself. But that symbol isn=E2=80=99t exported right.=20

You will need to recompile libc and nscd. (I just do a buildworld to make su=
re i get everything as there are makefile changes related to the aforementio=
ned symbol changes.=20

Yes, without world installed this patched nscd won't even start:

[host] /usr/src# service nscd start
Starting nscd.
limits: setrlimit pipebuf: Invalid argument
/etc/rc.d/nscd: WARNING: failed to start nscd

And then after that make sure t=
o check getgroupentries too

The number of groups is much lower, so the whole difference is like 0.01 vs 0.02 s, but yes, lookup is 100% faster when nscd  is= not running (regardless to the state of the  application of = the patch).


      

        
On Oct 6, 2024, at 3:57=E2=80=
=AFPM, Marek Zarychta <zarychtam@plan-b.pwste.edu.pl> wrote:

=EF=BB=BFW dniu 6.10.2024 o 20:35, David E. Cross pisze:


        

          
Please, love to get some ey=
es on this.  As it stands nscd is completely useless for LDAP for getgroupme=
mbership (and really ANY implementation that defines a specific implementati=
on of getgroupmembership, since it will then bypass the non-existent NSCD ve=
rsion).  Additionally it fixes bugs with negative caching as well as increas=
es thread safety.


        

        
Thank you for this patch. I a=
m not competent to review this code, but can test it. Really, our nscd with L=
DAP is a nightmare. I have set filters to narrow lookups, but with full dire=
ctory, when  nscd is runnig I have have such timings:

[host] ~# /usr/bin/time getent passwd > /dev/null
        0.62 real         0.06 user         0.15 sys
[host] ~# /usr/bin/time getent passwd > /dev/null
        0.47 real         0.07 user         0.12 sys
[host] ~# /usr/bin/time getent passwd > /dev/null
        0.46 real         0.04 user         0.15 sys

After stopping nscd service:

[host] ~# /usr/bin/time getent passwd > /dev/null
        0.15 real         0.03 user         0.06 sys
[host] ~# /usr/bin/time getent passwd > /dev/null
        0.16 real         0.01 user         0.08 sys

Unfortunately, with this patch applied there is no much improvement:

[host] ~# /usr/bin/time getent passwd > /dev/null
        0.65 real         0.03 user         0.19 sys
[host] ~# /usr/bin/time getent passwd > /dev/null
        0.48 real         0.02 user         0.22 sys
[host] ~# /usr/bin/time getent passwd > /dev/null
        0.43 real         0.06 user         0.12 sys

The test were run on most recent stable/14 with net/nss-pam-ldapd as a Name S=
ervice Switch module for LDAP lookup.

--
Marek Zarychta



      

      



    

    


    

    
--=20
Marek Zarychta

 =20


=

--Apple-Mail-697F7FFB-CB5F-46F7-86CF-38BA14C80E2C--