[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: [ldap-nis] getgrent is slow

To: ldap-nis@padl.com, openldap-software@OpenLDAP.org
Subject: Re: [ldap-nis] getgrent is slow
From: "Karl O. Pinc" <kpinc@artic.edu>
Date: Wed, 22 Mar 2000 17:35:56 -0600
Cc: nazard@dragoninc.on.ca
In-reply-to: <l03130349b4fd6b69f51d@[198.40.24.94]>
References: <l0313033eb4f80b306bf7@[198.40.24.94]> <200003170856.CAA17805@pixie.artic.edu> <l0313033bb4f6d88c52b0@[198.40.24.94]>

Ok, I was wrong about this.  I think I see a problem in the ldap-nis code.
Those who care can read on.

>The problem is in openldap.   Calls to ldap_result() with "all" = 0 (return
>1 result) have the server transfer the entire query result to the client
>for each call.
>
>Although caching in nss_ldap might help, that kind of overhead is clearly a
>no-no.
>
>Anybody know if there's any chance of this being fixed in openldap?  (I'm
>using 1.2.9 now.)
>>>>On 15 Mar, Karl O. Pinc wrote:
>>>>> Very slow.  To the point that looping through the group file is unusable.
>>>>> Does anybody have any solutions?
>>>>>
>>>>> I'm using openldap, and I think it's compiled to be ldap version 2
>>>>> compliant.  Does ldap 3 solve this?

To recap: each getgrent takes a long time and transfers _all_ the groups
from server to client.

Here's my take on what's going on in ldap-nis (version 106):
(Linux 2.2.12, RedHat 6.1, openldap 1.2.9-5, obviously this is a GNU_NSS
system)

in ldap-nss.c

Each getgrent call winds up being a call to nss_ldap_getent.

_nss_ldap_getent calls do_parse, which calls do_result, which sets the
ec_msgid ent_context_t structure element to -1 whenever async calls are
being made (all=0).  -1 is the result returned by ldap_search on error and
is the flag to _nss_ldap_getent that there is no search in progress.  So,
_nss_ldap_getent _always_ calls _nss_ldap_search, which calls ldap_search.
So each getgrent call results in a new ldap_search call.

Kurt D. Zeilenga (openldap maintainer) writes in
http://www.openldap.org/its/index.cgi/Incoming?id=487;user=guest (the
openldap.org bug tracking system -- find ITS# 487 at
http://www.openldap.org/its/index.cgi): <quote>

As entries in containers are not orderred, I would suggest that one ldap search
be issued for each sequence of getgrent() calls made by application (sets
delimited by getgroupent()/setgrent()/endgrent() calls).  One could use
ldap_result(all=0) to set through the results as needed for getgrent() or
use ldap_result(all=1) and ldap_first/next_entry().

</quote>

So, what's happening in ldap_nss.c is contrary to Kurt's recommendation.

I don't know why do_result is setting ec_msgid to -1.  I sort of get the
vibe that ent_context_t needs another element to keep track of some other
state.  I don't have time to do more with this so yall are on your own from
here.

Karl

May the Legos (TM) always be swept from your path in the night.

References:
- Re: [ldap-nis] getgrent is slow
  - From: "Karl O. Pinc" <kpinc@artic.edu>

Prev by Date: schema for PGP
Next by Date: Re: SLAPD benchmarking
Index(es):
- Chronological
- Thread