Re: Review D38047 ... and then there was one....

From: David Cross <david_at_crossfamilyweb.com>
Date: Sun, 06 Oct 2024 20:04:01 UTC
Here’s the thing. The current implementation of nscd DOESN’T WORK at all. There is a symbol that nscd exports that libc is supposed to use as a flag to bypass lookups  for nscd itself. But that symbol isn’t exported right. 

You will need to recompile libc and nscd. (I just do a buildworld to make sure i get everything as there are makefile changes related to the aforementioned symbol changes. 

And then after that make sure to check getgroupentries too

> On Oct 6, 2024, at 3:57 PM, Marek Zarychta <zarychtam@plan-b.pwste.edu.pl> wrote:
> 
> W dniu 6.10.2024 o 20:35, David E. Cross pisze:
>> Please, love to get some eyes on this.  As it stands nscd is completely useless for LDAP for getgroupmembership (and really ANY implementation that defines a specific implementation of getgroupmembership, since it will then bypass the non-existent NSCD version).  Additionally it fixes bugs with negative caching as well as increases thread safety.
> 
> Thank you for this patch. I am not competent to review this code, but can test it. Really, our nscd with LDAP is a nightmare. I have set filters to narrow lookups, but with full directory, when  nscd is runnig I have have such timings:
> 
> [host] ~# /usr/bin/time getent passwd > /dev/null
>         0.62 real         0.06 user         0.15 sys
> [host] ~# /usr/bin/time getent passwd > /dev/null
>         0.47 real         0.07 user         0.12 sys
> [host] ~# /usr/bin/time getent passwd > /dev/null
>         0.46 real         0.04 user         0.15 sys
> 
> After stopping nscd service:
> 
> [host] ~# /usr/bin/time getent passwd > /dev/null
>         0.15 real         0.03 user         0.06 sys
> [host] ~# /usr/bin/time getent passwd > /dev/null
>         0.16 real         0.01 user         0.08 sys
> 
> Unfortunately, with this patch applied there is no much improvement:
> 
> [host] ~# /usr/bin/time getent passwd > /dev/null
>         0.65 real         0.03 user         0.19 sys
> [host] ~# /usr/bin/time getent passwd > /dev/null
>         0.48 real         0.02 user         0.22 sys
> [host] ~# /usr/bin/time getent passwd > /dev/null
>         0.43 real         0.06 user         0.12 sys
> 
> The test were run on most recent stable/14 with net/nss-pam-ldapd as a Name Service Switch module for LDAP lookup.
> 
> --
> Marek Zarychta
>