Hi Christian,
Just close it. I did some modifications to nsswitch.conf and the pam_ldap
stack. I do not use the PADL ldap software anymore. I switch to nslcd.
Regards
On 22-04-10 23:42, Christian Kastner wrote:
Hi Bas,
Bas van der Vlies wrote:
First a brief description of our setup:
- +/- 800 nodes installed with debian
- more then 4000 users and each user has its own group
- 2 LDAP servers (master/slave) setup
This is what i encountered when cron runs a script. This script is started
on each node and it does an initgroups call. This call have i huge impact
on our LDAP servers. It fetches all the groups and will find out if the
user is a member of the group. This can be useful for all users except
root.
I don't consider this a bug - cron is doing here exactly what it is
expected to do. I agree that the call to initgroups() is redundant, but
there might actually be (broken?) code relying on this.
The heart of this issue is simply performance. Are you using NSS, nscd
etc? Other bug reports mentioning performance issues with cron which
were related to a specific version of libpam-ldap, so that could be a
cause, too.
I can make a patch that is skip this check for root user or we can
add environment variable to /etc/crontab:
SKP_INITGROUPS=root
I think this could be achieved much more easily via NSS with the
following setting in nsswitch.conf:
nss_initgroups_ignoreusers root
I don't use NSS, so I cannot vouch for this. But looking at #457200,
this approach might even be more beneficial to you than changing cron's
source.
Please let me know if you disagree with my assessment. Otherwise, I'd
like to close this bug.
Thanks,
Christian
--
********************************************************************
* Bas van der Vlies e-mail: b...@sara.nl *
* SARA - Academic Computing Services Amsterdam, The Netherlands *
********************************************************************
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
