Re: Review D38047 ... and then there was one....
Date: Sun, 06 Oct 2024 20:04:01 UTC
Here’s the thing. The current implementation of nscd DOESN’T WORK at all. There is a symbol that nscd exports that libc is supposed to use as a flag to bypass lookups for nscd itself. But that symbol isn’t exported right. You will need to recompile libc and nscd. (I just do a buildworld to make sure I get everything, as there are makefile changes related to the aforementioned symbol changes.) And then after that make sure to check getgroupentries too.

> On Oct 6, 2024, at 3:57 PM, Marek Zarychta <zarychtam@plan-b.pwste.edu.pl> wrote:
>
> On 6.10.2024 at 20:35, David E. Cross wrote:
>> Please, love to get some eyes on this. As it stands nscd is completely useless for LDAP for getgroupmembership (and really ANY implementation that defines a specific implementation of getgroupmembership, since it will then bypass the non-existent NSCD version). Additionally it fixes bugs with negative caching as well as increases thread safety.
>
> Thank you for this patch. I am not competent to review this code, but can test it. Really, our nscd with LDAP is a nightmare. I have set filters to narrow lookups, but with full directory, when nscd is running I have such timings:
>
> [host] ~# /usr/bin/time getent passwd > /dev/null
>         0.62 real 0.06 user 0.15 sys
> [host] ~# /usr/bin/time getent passwd > /dev/null
>         0.47 real 0.07 user 0.12 sys
> [host] ~# /usr/bin/time getent passwd > /dev/null
>         0.46 real 0.04 user 0.15 sys
>
> After stopping nscd service:
>
> [host] ~# /usr/bin/time getent passwd > /dev/null
>         0.15 real 0.03 user 0.06 sys
> [host] ~# /usr/bin/time getent passwd > /dev/null
>         0.16 real 0.01 user 0.08 sys
>
> Unfortunately, with this patch applied there is not much improvement:
>
> [host] ~# /usr/bin/time getent passwd > /dev/null
>         0.65 real 0.03 user 0.19 sys
> [host] ~# /usr/bin/time getent passwd > /dev/null
>         0.48 real 0.02 user 0.22 sys
> [host] ~# /usr/bin/time getent passwd > /dev/null
>         0.43 real 0.06 user 0.12 sys
>
> The tests were run on most recent stable/14 with net/nss-pam-ldapd as a Name Service Switch module for LDAP lookup.
>
> --
> Marek Zarychta
>