Re: Review D38047 ... and then there was one....
- Reply: David Cross : "Re: Review D38047 ... and then there was one...."
- In reply to: David E. Cross: "Review D38047 ... and then there was one...."
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sun, 06 Oct 2024 19:56:27 UTC
W dniu 6.10.2024 o 20:35, David E. Cross pisze: > Please, love to get some eyes on this. As it stands nscd is > completely useless for LDAP for getgroupmembership (and really ANY > implementation that defines a specific implementation of > getgroupmembership, since it will then bypass the non-existent NSCD > version). Additionally it fixes bugs with negative caching as well as > increases thread safety. Thank you for this patch. I am not competent to review this code, but can test it. Really, our nscd with LDAP is a nightmare. I have set filters to narrow lookups, but with full directory, when nscd is runnig I have have such timings: [host] ~# /usr/bin/time getent passwd > /dev/null 0.62 real 0.06 user 0.15 sys [host] ~# /usr/bin/time getent passwd > /dev/null 0.47 real 0.07 user 0.12 sys [host] ~# /usr/bin/time getent passwd > /dev/null 0.46 real 0.04 user 0.15 sys After stopping nscd service: [host] ~# /usr/bin/time getent passwd > /dev/null 0.15 real 0.03 user 0.06 sys [host] ~# /usr/bin/time getent passwd > /dev/null 0.16 real 0.01 user 0.08 sys Unfortunately, with this patch applied there is no much improvement: [host] ~# /usr/bin/time getent passwd > /dev/null 0.65 real 0.03 user 0.19 sys [host] ~# /usr/bin/time getent passwd > /dev/null 0.48 real 0.02 user 0.22 sys [host] ~# /usr/bin/time getent passwd > /dev/null 0.43 real 0.06 user 0.12 sys The test were run on most recent stable/14 with net/nss-pam-ldapd as a Name Service Switch module for LDAP lookup. -- Marek Zarychta