[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: System user names in OpenLDAP with all digits: problem?

To: Nick Urbanik <nicku@vtc.edu.hk>
Subject: Re: System user names in OpenLDAP with all digits: problem?
From: Christoph Neumann <enigma@apu.edu>
Date: Fri, 26 Oct 2001 09:11:41 -0700 (PDT)
Cc: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>, OpenLDAP software <openldap-software@OpenLDAP.org>
In-reply-to: <5.1.0.14.0.20011026082959.01728c30@127.0.0.1>

On Fri, 26 Oct 2001, Kurt D. Zeilenga wrote:

> At 08:12 PM 2001-10-25, Nick Urbanik wrote:
> >we still have the OpenLDAP server going to stratospheric CPU usage at
> >the start of each laboratory, but with nscd running, it seems almost
> >tolerable.  My desperation has lapsed into an exhausted resignation that
> >no one on this list uses LDAP to authenticate college computers,
> 
> You might try a list more focused on the LDAP applications and
> other utilities you are using.   In particular, the nssldap@padl.com
> list may be of assistance.

We run OpenLDAP in the university setting for about 10,000 active
students, staff, and faculty.  We have not had the CUP usage problems you
mention.  We are running on Linux 2.4.7 kernel on a RedHat 7.1
distribution.  We are using nscd to cache information on our main shell
server, and we are using pam-ldap from padl.com for authentication.  To
determine what is going on in your situation, you have to be more specific
about your hardware/software situation.

> >However, I want to ask if anyone knows why shadow-utils rejects user
> >names that start with a digit.
> 
> Not being familiar with Linux system admin tools (I don't use
> Linux), I can only guess.  I'd guess the tools are protecting
> the large number of applications which use the first character
> to distinguish between a user name and user id.

What, specifically, is being rejected?  We have not had problems with user
names that start with a digit.  We also have our own scripts to handle the
user creation.  Is the user creation process failing for you?

> >Could this be causing the 99.9% CPU usage from slapd?
> 
> I don't see such would have any significant impact on the
> operation of slapd.   It's more likely you are running into
> other problem(s) such as a file descriptor limit busy loop.
> If that's your problem, then this experimental patch might
> help:
>   http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/daemon.c.diff?r1=1.99.2.20&r2=1.99.2.21

Once again, knowning your environment would greatly help.

- Christoph

References:
- Re: System user names in OpenLDAP with all digits: problem?
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: Re: Sendmail + LDAP
Next by Date: Re: Get Max uidNumber ...
Index(es):
- Chronological
- Thread