Public bug reported: Binary package hint: libnss-ldap
We have a OpenLDAP server with more than 50.000 user accounts and almost 5.000 groups. Some of these groups may refer to more than 20.000 users. When a user, which is a member of one of the big groups, tries to logon from an LDAP client host it takes several minutes before the prompt appears. Executing "id [uid]" has a similar effect. During the wait CPU load on the LDAPclient machine goes high and the OpenLDAP server is bombarded with ldap searches from the Ubuntu client machine. Judging from the ldap log on the server it seems that the Ubuntu ldap client cycles trough all group memberships for the requested uid and verifies that all other members of the same group are present in the ldap people tree. > gqv...@nms:~$ cat /etc/issue > Ubuntu 10.04 LTS \n \l > gqv...@nms:~$ apt-cache policy libnss-ldap > libnss-ldap: > Installeret: 264-2ubuntu2 > Kandidat: 264-2ubuntu2 > Versionstabel: > *** 264-2ubuntu2 0 > 500 http://dk.archive.ubuntu.com/ubuntu/ lucid/main Packages > 100 /var/lib/dpkg/status This makes it impossible to use an Ubuntu host in a large scale environment. ProblemType: Bug DistroRelease: Ubuntu 10.04 Package: libnss-ldap 264-2ubuntu2 ProcVersionSignature: Ubuntu 2.6.32-21.32-server 2.6.32.11+drm33.2 Uname: Linux 2.6.32-21-server x86_64 Architecture: amd64 Date: Thu Aug 12 12:25:53 2010 InstallationMedia: Ubuntu-Server 10.04 LTS "Lucid Lynx" - Release amd64 (20100427) ProcEnviron: LANG=da_DK.UTF-8 SHELL=/bin/bash SourcePackage: libnss-ldap ** Affects: libnss-ldap (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug lucid -- slow group indexing when using huge ldap https://bugs.launchpad.net/bugs/616719 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libnss-ldap in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
