Red Hat Bugzilla – Bug 147478
nscd fails with big group in ldap
Last modified: 2007-11-30 17:07:06 EST
Description of problem:
When connecting RHEL to an LDAP server that has a group with around
7000 members the nscd won't resolve the name of that group:
id: cannot find name for group ID 1015
1015 group2 group3 group3 group4
If you turn off nscd everything works but it is slow.
With FC3 this is working without problems.
When running nscd -d -d -d the output is the following:
16273: handle_request: request received (Version = 2) from PID 18322
16273: GETGRBYGID (1015)
16273: cannot write result: Success
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Make an LDAP group with 7000 members.
2. Add user to group and with nscd running run: id user
3. then turn off nscd and run: id user
Can you please run both nscd -d -d -d and id under strace and attach that output?
Created attachment 111296 [details]
Strace output of id command
Created attachment 111297 [details]
Strace output of nscd -d -d -d
nscd and nscd client code in libc wasn't expecting partial reads or writes
that can happen with really large requests.
is (so far lightly) tested fix for glibc CVS, will backport that to RHEL4 U1 and
RHEL3 U5 soon.
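The partial read/write handling described in the comment above, as an added example (not the glibc fix and not code from this bug report): a constructed socketpair stands in for the nscd socket, and `write_all`, `read_all` and `send_large_reply` are hypothetical names.

```c
#include <errno.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Write exactly len bytes. A short count is progress, not an error. */
static ssize_t write_all(int fd, const char *p, size_t len) {
    for (size_t left = len; left > 0; ) {
        ssize_t n = write(fd, p, left);
        if (n < 0 && errno != EINTR) return -1;
        if (n > 0) { p += n; left -= (size_t)n; }
    }
    return (ssize_t)len;
}
/* Read until len bytes arrived, EOF, or a hard error; returns bytes read. */
static ssize_t read_all(int fd, char *p, size_t len) {
    size_t got = 0;
    while (got < len) {
        ssize_t n = read(fd, p + got, len - got);
        if (n > 0) got += (size_t)n;
        else if (n == 0 || errno != EINTR) break;
    }
    return (ssize_t)got;
}
/* Constructed demo: *first gets the count from one unretried send; returns 1
 * if the child received all size bytes once write_all() sent the remainder. */
int send_large_reply(size_t size, ssize_t *first) {
    int sv[2], st = -1;
    char *buf = calloc(1, size);
    if (!buf || socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return 0;
    *first = send(sv[0], buf, size, MSG_DONTWAIT);  /* single call, no loop */
    if (*first < 0) *first = 0;
    pid_t pid = fork();
    if (pid < 0) return 0;
    if (pid == 0) {                                 /* child: reading side */
        close(sv[0]);
        _exit(read_all(sv[1], buf, size) == (ssize_t)size ? 0 : 1);
    }
    close(sv[1]);
    int ok = write_all(sv[0], buf + *first, size - (size_t)*first) >= 0;
    close(sv[0]);
    waitpid(pid, &st, 0);
    free(buf);
    return ok && WIFEXITED(st) && WEXITSTATUS(st) == 0;
}
int main(void) {
    ssize_t first;
    return send_large_reply(4u << 20, &first) ? 0 : 1;
}
```

A short write returns a positive count and reports no error, so code that treats any count other than the full length as a failure has no meaningful errno to print.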
A fixed RHEL3 glibc candidate at ftp://people.redhat.com/jakub/glibc/2.3.2-95.33/
I tried this version and groups seem to work ok now.
But for some reason I now seem to get problems with uid.
nscd now sometimes (quite often) loses the user information.
When I open a new xterm it complains that:
id: cannot find name for user ID xxxx
Running "id" without parameters shows the number but group names are
But running "id username" then it starts working when opening new
xterms also for a while until it then again stops working.
Can you please stop nscd, run
strace -o /tmp/nscd.strace /usr/sbin/nscd -d -d -d > /tmp/nscd.log 2>&1 &
/usr/sbin/nscd -i passwd
/usr/sbin/nscd -i group
and now run the strace -o /tmp/id.log1 /usr/bin/id (or whatever results in the
failure to look up username)
and then strace -o /tmp/id.log2 /usr/bin/id username
It appeared to be a missing index for uidnumber in my ldap server that
caused this behaviour.
It works ok now when I added the index.
Thanks. Assuming all is fixed then.
I have the same problem with Novell LDAP (I have small group) on RHEL4. Do you
want some (or the same) output from strace?
Regards Petr Adamec
(In reply to comment #0)
> Description of problem:
> When connecting RHEL to an LDAP server that has a group with around
> 7000 members the nscd won't resolve the name of that group:
> $ groups
> id: cannot find name for group ID 1015
> 1015 group2 group3 group3 group4
> If you turn off nscd everything works but it is slow.
> With FC3 this is working without problems.
> When running nscd -d -d -d the output is the following:
> 16273: handle_request: request received (Version = 2) from PID 18322
> 16273: GETGRBYGID (1015)
> 16273: cannot write result: Success
> Version-Release number of selected component (if applicable):
> How reproducible:
> Steps to Reproduce:
> 1. Make an LDAP group with 7000 members.
> 2. Add user to group and with nscd running run: id user
> 3. then turn off nscd and run: id user
> Additional info:
I have the same problem even with a group of two members... :-(
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.