
Re: Sometimes getent missing users



Hi,
does paging in this context refer to a caching mechanism?
Even the man page says paging, could be paging like less/more. :)

Bye.

On Wed, Oct 20, 2010 at 11:56, Jocke M <jocke.martensson@gmail.com> wrote:
> Hi,
>
> It was not a wild guess. As soon as I added the value "nss_paged_results no"
> it worked.
> Now getent always returns 1624 users.
>
> Thank you
>
> /Jocke
>
> On Wed, Oct 20, 2010 at 11:11, Ralf Haferkamp <rhafer@suse.de> wrote:
>>
>> Hi,
>>
>> On Wednesday, 20 October 2010, 08:33:32, Jocke M wrote:
>> > Hi,
>> >
>> > I did use the ldapsearch and here is what I found out
>> >
>> > ldapsearch "ldapserver" returned 1586 users
>> > /etc/passwd has 38 users
>> >
>> > nsswitch.conf
>> > passwd:     files ldap
>> >
>> > So sometimes I assume getent returns files (38) + ldap (1586) = 1624
>> >
>> > But mostly getent only returns 1038
>> >
>> > Sizelimit on the ldap server is set to 5000
>> >
>> > Can it be that sometimes only 1000 users get returned from the getent
>> > ldap search? And if so, why?
>> This is just a wild guess, but IIRC, 1000 is the default page size when
>> nss_ldap is configured to use the LDAP paging control. Probably the
>> nss_ldap version or your server has problems processing this control,
>> IIRC there have been some problems with paged results in nss_ldap in the
>> past. Please test what happens if you use "nss_paged_results no" in your
>> nss_ldap config (hopefully your nss_ldap is recent enough to have that
>> option).
>>
>> > /Jocke
>> >
>> > On Tue, Oct 19, 2010 at 14:55, Prentice Bisbal <prentice@ias.edu>
>> wrote:
>> > > Jocke M wrote:
>> > > > Hello,
>> > > >
>> > > > We are running an OpenLDAP server on RHEL4 and I just found out
>> > > > that running getent on the RHEL clients sometimes missed users
>> > > > against the OpenLDAP server.
>> > > >
>> > > > Example:
>> > > > getent passwd | wc -l
>> > > > 1038
>> > > >
>> > > > getent passwd | wc -l
>> > > > 1624
>> > > >
>> > > > Does anyone know what can be faulty, either on the clients or the
>> > > > server?
>> > > >
>> > > > --
>> > > > Thx
>> > > > Jocke
>> > >
>> > > Did those results occur on the same client, or are those results
>> > > from two different clients?
>> > >
>> > > If two different clients are returning different results, I'd
>> > > compare the /etc/ldap.conf and /etc/openldap/ldap.conf files first.
>> > > It could be that one has different filter criteria than the
>> > > other. Or, if you've recently upgraded your LDAP servers, one
>> > > client could still be pointing to an old LDAP server that doesn't have
>> > > new entries.
>> > >
>> > > Try using the ldapsearch command with the same search criteria and
>> > > see if you get the same results. I would use the -h or -H switch to
>> > > make sure you are using the server you think you are using (change
>> > > specifics accordingly)
>> > >
>> > > ldapsearch -LLL -h yourldapserver.example.com -b dc=example,dc=com
>> > > "objectClass=posixAccount" dn
>> > >
>> > > --
>> > > Prentice
>>
>> Ralf
>
>
>
> --
> Kind regards
> Jocke
>



-- 
To be or not to be -- Shakespeare | To do is to be -- Nietzsche | To
be is to do -- Sartre | Do be do be do -- Sinatra
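
Added example, not part of the original thread: a toy Python model of the LDAP simple paged results control (RFC 2696), showing that paging returns one result set in chunks tied together by a cookie (it is not a cache), and how stopping after the first 1000-entry page yields the 38 + 1000 = 1038 count reported above. `ToyServer`, its cookie format and the `follow_cookie` switch are assumptions for illustration; the thread does not diagnose the actual nss_ldap fault.

```python
"""Toy model of the LDAP simple paged results control (RFC 2696)."""

PAGE_SIZE = 1000      # page size Ralf recalls as the nss_ldap default
LDAP_USERS = 1586     # ldapsearch count reported in the thread
LOCAL_USERS = 38      # /etc/passwd count reported in the thread


class ToyServer:
    """Hypothetical in-memory directory; the cookie is simply the next offset."""

    def __init__(self, entries):
        self.entries = entries

    def search(self, page_size, cookie=b""):
        start = int(cookie) if cookie else 0
        end = start + page_size
        page = self.entries[start:end]
        # An empty cookie in the response means the result set is complete.
        next_cookie = str(end).encode() if end < len(self.entries) else b""
        return page, next_cookie


def enumerate_ldap(server, page_size, follow_cookie=True):
    """Collect entries page by page.

    follow_cookie=False models a client/server pair that mishandles the
    control and never requests the pages after the first one.
    """
    results, cookie = [], b""
    while True:
        page, cookie = server.search(page_size, cookie)
        results.extend(page)
        if not cookie or not follow_cookie:
            return results


def getent_count(server, follow_cookie):
    """files + ldap, matching 'passwd: files ldap' in nsswitch.conf."""
    return LOCAL_USERS + len(enumerate_ldap(server, PAGE_SIZE, follow_cookie))


if __name__ == "__main__":
    # Constructed sample directory with the entry count from the thread.
    server = ToyServer([f"uid=user{i}" for i in range(LDAP_USERS)])
    print("all pages fetched:", getent_count(server, True))
    print("first page only:  ", getent_count(server, False))
```

With `nss_paged_results no` the client does not send the control at all, so the result is bounded only by the server's size limit (5000 in this thread).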