Bug 1157757 - When using slapi-nis to provide access to AD users to legacy clients, 389-ds threads lock on access to getgrgid_r()
Summary: When using slapi-nis to provide access to AD users to legacy clients, 389-ds ...
Status: CLOSED DUPLICATE of bug 1202996
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: slapi-nis   
(Show other bugs)
Version: 7.0
Hardware: x86_64
OS: Linux
unspecified
high
Target Milestone: rc
: ---
Assignee: Alexander Bokovoy
QA Contact: Namita Soman
Tomas Capek
URL:
Whiteboard:
Keywords:
Depends On:
Blocks: 1180596 1205796 1133060 1168850 1179458 1182933 1185286 1187501 1189279
TreeView+ depends on / blocked
 
Reported: 2014-10-27 15:50 UTC by Konstantin Lepikhov
Modified: 2018-12-09 18:59 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: Known Issue
Doc Text:
When the Schema Compatibility plug-in is configured to provide Active Directory (AD) users access to legacy clients using the Identity Management (IdM) cross-forest trust to AD, the 389 Directory Server can under certain conditions increase CPU consumption upon receiving a request to resolve complex group membership of an AD user.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-03-26 21:27:26 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Konstantin Lepikhov 2014-10-27 15:50:28 UTC
Description of problem:

Originally spotted in #sfdc case 01190699

Attaching strace, pstack from ns-ldap server and logs from RHEL5.

Version-Release number of selected component (if applicable):
slapi-nis-0.52-6.el7_0

How reproducible:
In customer environment

Actual results:
ns-ldapd consume 100% CPU

Expected results:
we need a mechanism to filter/cache such requests in glibc and not abuse nss_file.

Comment 11 Alexander Bokovoy 2015-02-18 15:41:57 UTC
Yes.

Comment 15 Alexander Bokovoy 2015-03-26 20:18:29 UTC
This bug is fixed with bug 1202995 and https://rhn.redhat.com/errata/RHSA-2015-0728.html in RHEL 7.1.z

Comment 16 Dmitri Pal 2015-03-26 21:27:26 UTC

*** This bug has been marked as a duplicate of bug 1202996 ***


Note You need to log in before you can comment on or make changes to this bug.