Bug 1157757

Summary: When using slapi-nis to provide access to AD users to legacy clients, 389-ds threads lock on access to getgrgid_r()
Product: Red Hat Enterprise Linux 7 Reporter: Konstantin Lepikhov <klepikho>
Component: slapi-nisAssignee: Alexander Bokovoy <abokovoy>
Status: CLOSED DUPLICATE QA Contact: Namita Soman <nsoman>
Severity: high Docs Contact: Tomas Capek <tcapek>
Priority: unspecified    
Version: 7.0CC: abokovoy, dpal, gparente, jbuchta, mkosek, mnavrati, nalin
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Fixed In Version: Doc Type: Known Issue
Doc Text:
When the Schema Compatibility plug-in is configured to provide Active Directory (AD) users access to legacy clients using the Identity Management (IdM) cross-forest trust to AD, the 389 Directory Server can under certain conditions increase CPU consumption upon receiving a request to resolve complex group membership of an AD user.
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-03-26 21:27:26 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 1133060, 1168850, 1179458, 1180596, 1182933, 1185286, 1187501, 1189279, 1205796    

Description Konstantin Lepikhov 2014-10-27 15:50:28 UTC
Description of problem:

Originally spotted in #sfdc case 01190699

Attaching strace, pstack from ns-ldap server and logs from RHEL5.

Version-Release number of selected component (if applicable):

How reproducible:
In customer environment

Actual results:
ns-ldapd consume 100% CPU

Expected results:
we need a mechanism to filter/cache such requests in glibc and not abuse nss_file.

Comment 11 Alexander Bokovoy 2015-02-18 15:41:57 UTC

Comment 15 Alexander Bokovoy 2015-03-26 20:18:29 UTC
This bug is fixed with bug 1202995 and https://rhn.redhat.com/errata/RHSA-2015-0728.html in RHEL 7.1.z

Comment 16 Dmitri Pal 2015-03-26 21:27:26 UTC

*** This bug has been marked as a duplicate of bug 1202996 ***