[Likewise-open-discuss] Slow 'id' lookups with large OU

Adam Stephens stephena at ohio.edu
Mon Aug 25 19:58:02 PDT 2008 

1.) These parameters were already set, but cache was 900. No difference when
changed.
2.) Build 2978 exhibits the same issues.
3.) Running as root or a domain user makes no difference in lookup.

-adam

-----Original Message-----
From: Gerald (Jerry) Carter [mailto:jerry at samba.org] 
Sent: Wednesday, August 20, 2008 3:00 PM
To: Adam Stephens
Cc: likewise-open-discuss at lists.likewisesoftware.com
Subject: Re: [Likewise-open-discuss] Slow 'id' lookups with large OU

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Adam Stephens wrote:

> Another note, this causes one of the processes to peg 
> one of the CPU cores at 100%.

This should be temporary.  But would you send me the
files in /var/log/lwidentity/* to examine?

> After some more testing, I found out that at least 
> one of our large groups may be causing this delay.
> With the user in just Domain Users, the lookup takes
> .004s. After adding the user to our large Faculty/Staff
> group, the lookup jumps to 33s. Quite a large delay.
> Since Domain Users has all 120K+ users, I can only
> guess its quick since it's the user's default group?

Actually we have a special case in place for domain
users since it almost always has a large number of members.
The issue is in filling in the group member list for
the getgrgid() call.  The same thing is that the NSS
interface does not have a gid2name call that does not fill
in the member list.

A couple of things to try to alleviate this problem.

   1) make sure that the following parameters are
      set in /etc/samba/lwiauthd.conf
         winbind cache time = 1800
         winbind expand groups = 1

   2) Test and see if build 2978 behaves any better
      It will be posted to the likewisesoftware.com/community/
      pages later today.

> What other information would help?

If the above suggestions don't resolve this, then I can
look at generalizing the special case we have for domain
users for all groups.

one more question.  Are you running `id` as the user or
as root?



cheers, jerry
- --
=====================================================================
Samba                                    ------- http://www.samba.org
Likewise Software          ---------  http://www.likewisesoftware.com
"What man is a man who does not make the world better?"      --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIrGmnIR7qMdg1EfYRAiZ6AKDulB2ApqGddaNnrW5pmNOMchU3QQCgokwD
CGyhtaVj0arZLEcLz60Hwwg=
=l39M
-----END PGP SIGNATURE-----

More information about the Likewise-open-discuss mailing list