On Fri, 2013-07-19 at 12:53 +0200, Marco d'Itri wrote: > I have a theory, but I have not verified it by looking at the code: > I can see in the nslcd debug log that "passwd(all)" is requested, but > then only a few lines are listed in the log (and IIRC they are followed > by an error which suggests that the client stopped requesting data). > So I wonder if the problem is that: > - proftpd requests passwd(all) > - but it only looks at the first few results and then calls endpwent(3) > or something like this > - libnss-ldap then would immediately stop requesting records from the > LDAP server > - but libnss-ldapd uses nslcd which is persistent, so nslcd would still > receive all data even if the client does not care anymore > > Does this look reasonable to you? > If it is true then I do not think that it would be a libnss-ldapd bug.
That would indeed be a difference between libnss-ldap and libnss-ldapd/nslcd. nslcd has by default 5 threads that handle requests and pass the results back to the NSS module. To achieve reasonable performance and not tie up the threads too long, the communication between nslcd and the NSS module is buffered (on both ends) with reasonably large buffers. This could result in considerable more results being requested from the LDAP server with libnss-ldapd/nslcd than with libnss-ldap. -- -- arthur - [email protected] - http://people.debian.org/~adejong --
signature.asc
Description: This is a digitally signed message part
