On Jul 19, Arthur de Jong <adej...@debian.org> wrote: > Are you saying there is a significant performance difference when > running "getent passwd" (or running proftpd) in your environment between > libnss-ldap and libnss-ldapd? Yes: "getent passwd" works on both systems, but when I switch from libnss-ldap to libnss-ldapd proftpd generates tens of Mbps of LDAP traffic with these "all" queries.
I have a theory, but I have not verified it by looking at the code: I can see in the nslcd debug log that "passwd(all)" is requested, but then only a few lines are listed in the log (and IIRC they are followed by an error which suggests that the client stopped requesting data). So I wonder if the problem is that: - proftpd requests passwd(all) - but it only looks at the first few results and then calls endpwent(3) or something like this - libnss-ldap then would immediately stop requesting records from the LDAP server - but libnss-ldapd uses nslcd which is persistent, so nslcd would still receive all data even if the client does not care anymore Does this look reasonable to you? If it is true then I do not think that it would be a libnss-ldapd bug. -- ciao, Maro
signature.asc
Description: Digital signature