Bug#478950: desktop-profiles

Thu, 01 May 2008 14:31:18 -0700 

Package: desktop-profiles
Version: 1.4.13
Tags: patch

I ran into this problem when using desktop-profiles in Debian Edu with
a large LDAP directory from MS Active Directory.  Because of the way
the NSS API is structured, getting the group membership if a random
user is a very slow process (need to call setgrent(), loop over
getgrent() and finish off with endgrent()), and with 15000 groups and
70 000 users, this proved to take 20-30 minutes.  On the other hand,
just running 'groups' to get the current users group membership is a
quick process, because the kernel already know the group membership,
fetched at login using initgroups() which is a quick operation.

The result is that a login with desktop-profile installed takes 20-30
minutes.  To avoid the problem in the common case, where the current
users membership is looked up, I propose to rewrite the listingmodule
script to call 'groups' with no argument unless a different user is
requested.  I am also working on trying to speed up nss-ldapd, but
suspect it require a redesign of the NSS API, and thus will not happen
any time soon. :)

As a further optimization, I replace the groups call to use 'id -gN'
instead.  This is the call used by /usr/bin/groups internally to get
the groups, and it remove the need to reformat of the output using
sed.

diff -Nru /tmp/ffrOaTouSm/desktop-profiles-1.4.14/listingmodule 
/tmp/uvXTuP9rHd/desktop-profiles-1.4.15/listingmodule
--- /tmp/ffrOaTouSm/desktop-profiles-1.4.14/listingmodule       2006-06-06 
11:14:23.000000000 +0200
+++ /tmp/uvXTuP9rHd/desktop-profiles-1.4.15/listingmodule       2008-05-01 
23:08:04.000000000 +0200
@@ -51,9 +51,15 @@
     exit;
   fi;

-  # initialize needed variables
-  OUR_USER=${2:-$USER}
-  OUR_GROUPS=`groups $OUR_USER | sed "s/^\$OUR_USER : //"`
+  # initialize needed variables.  Do not give argument to groups when looking 
up the current
+  # user, to avoid expensive lookup with LDAP NSS.
+  if [ -z "$2" ] || [ "$USER" = "$2" ]; then
+    OUR_USER="$USER"
+    OUR_GROUPS="`id -Gn`"
+  else
+    OUR_USER=$2
+    OUR_GROUPS="`id -Gn -- $OUR_USER`"
+  fi

   # !... requirement
   if (echo "$1" | grep '^!' > /dev/null) ; then

Happy hacking,
-- 
Petter Reinholdtsen



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to