[Bug 616719] Re: slow group indexing when using huge ldap
I've been noticing a similar issue. As our environment grows, it's becoming increasingly crippling. I filed a similar bug a while ago that might shed a small amount of light on the situation, but probably not actually get us anywhere. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730053 44sec? That's nice. It takes me >12min since we have >30,000 users. :( ** Bug watch added: Debian Bug tracker #730053 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730053 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/616719 Title: slow group indexing when using huge ldap To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libnss-ldap/+bug/616719/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 616719] Re: slow group indexing when using huge ldap
Bug still exists time id real0m44.414s user0m4.152s sys 0m0.292s ** Changed in: libnss-ldap (Ubuntu) Status: Expired => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/616719 Title: slow group indexing when using huge ldap -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 616719] Re: slow group indexing when using huge ldap
[Expired for libnss-ldap (Ubuntu) because there has been no activity for 60 days.] ** Changed in: libnss-ldap (Ubuntu) Status: Incomplete => Expired -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/616719 Title: slow group indexing when using huge ldap -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 616719] Re: slow group indexing when using huge ldap
Philipp: Thanks for notifying about the other ldap possibility. While I am not sure that I agree on libnss-ldap is the cource of the problem (see timing on OpenSUSE above) replacing it with nslcd and libnss-ldapd certainly improves login time to an acceptable level: m...@myserver:~$ time id tfp696 /...id output removed.../ real0m7.034s user0m0.050s sys 0m0.020s This still still 3 times more than OpenSUSE/nss_ldap, but fully useable so you can consider this issue as resolved. -- slow group indexing when using huge ldap https://bugs.launchpad.net/bugs/616719 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 616719] Re: slow group indexing when using huge ldap
Klaus: in an environment of this size, I strongly recommend against using libnss-ldap, because it just doesn't scale well enough. Please try installing nslcd and libnss-ldapd (notice the d), get it running, after that add nscd again, and evaluate if this better fits your needs. If it doesn't, you might also have a look at sssd and libnss-sss, but AFAICR that's only really available starting from maverick. BTW both these daemons come with their own pam packages, which replace libpam-ldap. -- slow group indexing when using huge ldap https://bugs.launchpad.net/bugs/616719 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 616719] Re: slow group indexing when using huge ldap
By reducing the number of groups in our setup we have managed to improve log on time a little. But login and using the id command is still terribly slow. This is a showstopper for us in offering Ubuntu as a choice in our university virtual hosting service. Please let me know if I can be of further help to debug this problem. -- slow group indexing when using huge ldap https://bugs.launchpad.net/bugs/616719 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 616719] Re: slow group indexing when using huge ldap
Yes. Based on a few tests done by hand on OpenSUSE, nscd speeds up the process a lot: When nscd is running I get a response within 100 mSec in average, sometimes down to 8 mSec and maximum 2.2 seconds. If I stop nscd, answer times ranges between 400 mSec and 2 seconds - the average around 800 mSec. Requesting a new uid (not cached) with each request does not seem to add much to these figures. I only did 4 tests on Ubuntu 2 with nscd running - and the same 2 tests without nscd. With nscd: 2 minutes 51sec., and 16 minutes and the same to tests without nscd: 3 minutes, and 14 minutes. The differences is negligible and most likely due to other load on the ldap server I think. -- slow group indexing when using huge ldap https://bugs.launchpad.net/bugs/616719 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 616719] Re: slow group indexing when using huge ldap
Excerpts from Klaus Vink Slott's message of Fri Aug 13 07:02:36 UTC 2010: > > I do not know if the problem is present upstream, actually I cant say for > sure that the problem is in nss_ldap itself. But we do have a lot of OpenSUSE > running in the same setup and have newer seen this problem before. Our > OpenSUSE is now at .. > Version : 264 Vendor: openSUSE > Release : 3.1 Build Date: man 19 okt 2009 18:45:47 CEST > Source RPM: nss_ldap-264-3.1.src.rpm > > witch seems to be pretty much the same version. > Is nscd running on the opensuse systems? -- Mathias Gug Ubuntu Developer http://www.ubuntu.com -- slow group indexing when using huge ldap https://bugs.launchpad.net/bugs/616719 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 616719] Re: slow group indexing when using huge ldap
Hi Scott, thanks for looking into this. I have never used Ubuntu in a environment like this before (actually I'v never really used Ubuntu) so I cant say for sure. But this guy http://ubuntuforums.org/showthread.php?t=1238322 might have been hit by the same issue in August last year. I do not know if the problem is present upstream, actually I cant say for sure that the problem is in nss_ldap itself. But we do have a lot of OpenSUSE running in the same setup and have newer seen this problem before. Our OpenSUSE is now at .. Version : 264 Vendor: openSUSE Release : 3.1 Build Date: man 19 okt 2009 18:45:47 CEST Source RPM: nss_ldap-264-3.1.src.rpm witch seems to be pretty much the same version. -- slow group indexing when using huge ldap https://bugs.launchpad.net/bugs/616719 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 616719] Re: slow group indexing when using huge ldap
Klaus, Thank you for taking the time to make a good bug report. Do you know if this behaviour is a regression from a previous ubuntu release ? Do you know if this behaviour is present in the upstream nss_ldap code ? ** Changed in: libnss-ldap (Ubuntu) Importance: Undecided => Medium ** Changed in: libnss-ldap (Ubuntu) Status: New => Triaged ** Changed in: libnss-ldap (Ubuntu) Status: Triaged => Incomplete -- slow group indexing when using huge ldap https://bugs.launchpad.net/bugs/616719 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 616719] Re: slow group indexing when using huge ldap
** Tags added: ldap ** Tags removed: amd64 apport-bug lucid -- slow group indexing when using huge ldap https://bugs.launchpad.net/bugs/616719 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 616719] Re: slow group indexing when using huge ldap
** Attachment added: "Dependencies.txt" https://bugs.launchpad.net/bugs/616719/+attachment/1485780/+files/Dependencies.txt -- slow group indexing when using huge ldap https://bugs.launchpad.net/bugs/616719 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
