Red Hat Bugzilla – Full Text Bug Listing
|Summary:||nscd fails with big group in ldap|
|Product:||Red Hat Enterprise Linux 3||Reporter:||Kim Sandberg <ksan>|
|Component:||glibc||Assignee:||Jakub Jelinek <jakub>|
|Status:||CLOSED ERRATA||QA Contact:|
|Version:||3.0||CC:||drepper, petr.adamec, pmatilai, roland|
|Fixed In Version:||RHBA-2005-096||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2005-05-18 10:00:15 EDT||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
Description Kim Sandberg 2005-02-08 08:26:26 EST
Description of problem: When connecting RHEL to a ldap server that has a group with around 7000 members the nscd wont resolv the name of that group: $ groups id: cannot find name for group ID 1015 1015 group2 group3 group3 group4 If you turn off nscd everything works but it is slow. With FC3 this is working without problems. When running nscd -d -d -d the output is the following: 16273: handle_request: request received (Version = 2) from PID 18322 16273: GETGRBYGID (1015) 16273: cannot write result: Success Version-Release number of selected component (if applicable): nscd-2.3.2-95.30 How reproducible: Always Steps to Reproduce: 1. Make a Ldap group with 7000 members. 2. add user to group and with nscd running run: id user 3. then turn off nscd and run: id user Additional info:
Comment 1 Jakub Jelinek 2005-02-22 04:48:08 EST
Can you please run both nscd -d -d -d and id under strace and attach that output here?
Comment 2 Kim Sandberg 2005-02-22 09:38:49 EST
Created attachment 111296 [details] Strace output of id command
Comment 3 Kim Sandberg 2005-02-22 09:39:51 EST
Created attachment 111297 [details] Strace output of nscd -d -d -d
Comment 6 Jakub Jelinek 2005-02-22 15:52:50 EST
nscd and nscd client code in libc wasn't expecting partial reads or writes that can happen with really large requests. http://sources.redhat.com/ml/libc-hacker/2005-02/msg00060.html is (so far lightly) tested fix for glibc CVS, will backport that to RHEL4 U1 and RHEL3 U5 soon.
Comment 7 Jakub Jelinek 2005-02-23 09:59:07 EST
A fixed RHEL3 glibc candidate at ftp://people.redhat.com/jakub/glibc/2.3.2-95.33/
Comment 8 Kim Sandberg 2005-02-28 06:23:23 EST
I tried this version and groups seem to work ok now. But for some reason I now seem to get problems with uid. nscd now sometimes (quite often) looses the user information. I open a new xterm it complains that: id: cannot find name for user ID xxxx Running "id" without parameters shows the number but group names are still resolved. But running "id username" then it starts working when opening new xterms also for a while until it then again stops working.
Comment 9 Jakub Jelinek 2005-02-28 13:11:23 EST
Can you please stop nscd, run strace -o /tmp/nscd.strace /usr/sbin/nscd -d -d -d > /tmp/nscd.log 2>&1 & /usr/sbin/nscd -i password /usr/sbin/nscd -i group and now run the strace -o /tmp/id.log1 /usr/bin/id (or whatever results in the failure to look up username) and then strace -o /tmp/id.log2 /usr/bin/id username ? Thanks.
Comment 10 Kim Sandberg 2005-03-02 02:47:02 EST
Hi. It appeared to ba a missing index for uidnumber in my ldap server that caused this behaviour. It works ok now when I added the index.
Comment 11 Jakub Jelinek 2005-03-02 03:13:00 EST
Thanks. Assuming all is fixed then.
Comment 12 Petr Adamec 2005-03-20 17:19:07 EST
Hi Jakub, I have the same problem with Novell LDAP (I have small group) on RHEL4. Do you want some (or the same) output from strace? Regards Petr Adamec
Comment 13 Petr Adamec 2005-03-22 11:07:45 EST
(In reply to comment #0) > Description of problem: > When connecting RHEL to a ldap server that has a group with around > 7000 members the nscd wont resolv the name of that group: > > > $ groups > id: cannot find name for group ID 1015 > 1015 group2 group3 group3 group4 > > If you turn off nscd everything works but it is slow. > > With FC3 this is working without problems. > > When running nscd -d -d -d the output is the following: > > 16273: handle_request: request received (Version = 2) from PID 18322 > 16273: GETGRBYGID (1015) > 16273: cannot write result: Success > > > > Version-Release number of selected component (if applicable): > nscd-2.3.2-95.30 > > How reproducible: > Always > > Steps to Reproduce: > 1. Make a Ldap group with 7000 members. > 2. add user to group and with nscd running run: id user > 3. then turn off nscd and run: id user > > > Additional info: I have the same problem even with a group of two members... :-(
Comment 14 Tim Powers 2005-05-18 10:00:16 EDT
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2005-256.html