Bug#478950: desktop-profiles: Very slow with large LDAP database and NSS LDAP
[Arthur de Jong] No, the command: Ah, there has been some improvements. getgrouplist() seem to be the API function used (ran ltrace id username). Did not know about this function. It definitely resolves my complaints about the missing POSIX API. Great, thank you! Happy hacking, -- Petter Reinholdtsen -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#478950: desktop-profiles: Very slow with large LDAP database and NSS LDAP
[Arthur de Jong] Note that id -Gn without parameters can return different results than id -Gn with a user parameter. On my system I use pam_group to assign extra groups to users who login through gdm: Yes. We use the same in Debian Edu. Not quite sure why the desktop-profile code appear to handle other users that the one logging in, but one should definitely keep in mind that it isn't sure all the users group will be listed by 'groups username'. Also note that the id and groups commands from sid do the more efficient call to initgroups() instead of going over all groups (when the username is supplied). This helps a lot in terms of lookup speed with nss-ldapd. Actually, initgroups is only called when the user log in, and then the result is cached by the kernel, so id and groups fetches it from the kernel using getgroups() and does not extract it again by calling initgroups(), when looking up the current user. Happy hacking, -- Petter Reinholdtsen -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#478950: desktop-profiles: Very slow with large LDAP database and NSS LDAP
On Fri, 2008-05-02 at 11:08 +0200, Petter Reinholdtsen wrote: Actually, initgroups is only called when the user log in, and then the result is cached by the kernel, so id and groups fetches it from the kernel using getgroups() and does not extract it again by calling initgroups(), when looking up the current user. No, the command: groups arthur results in the following NSS related calls: getpwnam(arthur) getpwuid(1000) (1000 is my uid) initgroups(arthur,...) initgroups(arthur,...) (no idea why the second call is performed twice though, also the getpwuid() seems to be unneeded at first glance) This is using groups from coreutils 6.10 (etch has 5.97). -- -- arthur - [EMAIL PROTECTED] - http://people.debian.org/~adejong -- signature.asc Description: This is a digitally signed message part
Bug#478950: desktop-profiles: Very slow with large LDAP database and NSS LDAP
tags 478950 pending patch is applied in svn On Friday 02 May 2008, Petter Reinholdtsen wrote: Note that id -Gn without parameters can return different results than id -Gn with a user parameter. On my system I use pam_group to assign extra groups to users who login through gdm: Yes. We use the same in Debian Edu. Not quite sure why the desktop-profile code appear to handle other users that the one logging in because 'list-desktop-profiles --user' calls it with the requested username but one should definitely keep in mind that it isn't sure all the users group will be listed by 'groups username'. adapted documentation of list-desktop-profiles to reflect that -- Cheers, cobaco (aka Bart Cornelis) signature.asc Description: This is a digitally signed message part.
