[Bug 616719] Re: slow group indexing when using huge ldap

Michael Lustfield 616719 at bugs.launchpad.net
Sat Jan 18 03:31:37 UTC 2014 

I've been noticing a similar issue. As our environment grows, it's
becoming increasingly crippling. I filed a similar bug a while ago that
might shed a small amount of light on the situation, but probably not
actually get us anywhere.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730053

44sec? That's nice. It takes me >12min since we have >30,000 users. :(

** Bug watch added: Debian Bug tracker #730053
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730053

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to libnss-ldap in Ubuntu.
https://bugs.launchpad.net/bugs/616719

Title:
  slow group indexing when using huge ldap

Status in “libnss-ldap” package in Ubuntu:
  In Progress

Bug description:
  Binary package hint: libnss-ldap

  We have a OpenLDAP server with more than 50.000 user accounts and
  almost 5.000 groups. Some of these groups may refer to more than
  20.000 users. When a user, which is a member of one of the big groups,
  tries to logon from an LDAP client host it takes several minutes
  before the prompt appears.

  Executing "id [uid]" has a similar effect.

  During the wait CPU load on the LDAPclient machine goes high and the
  OpenLDAP server is bombarded with ldap searches from the Ubuntu client
  machine.

  Judging from the ldap log on the server it seems that the Ubuntu ldap
  client cycles trough all group memberships for the requested uid and
  verifies that all other members of the same group are present in the
  ldap people tree.

  > gqv604 at nms:~$ cat /etc/issue
  > Ubuntu 10.04 LTS \n \l
  > gqv604 at nms:~$ apt-cache policy libnss-ldap
  > libnss-ldap:
  >   Installeret: 264-2ubuntu2
  >   Kandidat: 264-2ubuntu2
  >   Versionstabel:
  >  *** 264-2ubuntu2 0
  >         500 http://dk.archive.ubuntu.com/ubuntu/ lucid/main Packages
  >         100 /var/lib/dpkg/status

  This makes it impossible to use an Ubuntu host in a large scale
  environment.

  ProblemType: Bug
  DistroRelease: Ubuntu 10.04
  Package: libnss-ldap 264-2ubuntu2
  ProcVersionSignature: Ubuntu 2.6.32-21.32-server 2.6.32.11+drm33.2
  Uname: Linux 2.6.32-21-server x86_64
  Architecture: amd64
  Date: Thu Aug 12 12:25:53 2010
  InstallationMedia: Ubuntu-Server 10.04 LTS "Lucid Lynx" - Release amd64 (20100427)
  ProcEnviron:
   LANG=da_DK.UTF-8
   SHELL=/bin/bash
  SourcePackage: libnss-ldap

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libnss-ldap/+bug/616719/+subscriptions

More information about the foundations-bugs mailing list