Description of problem: When connecting RHEL to a ldap server that has a group with around 7000 members the nscd wont resolv the name of that group: $ groups id: cannot find name for group ID 1015 1015 group2 group3 group3 group4 If you turn off nscd everything works but it is slow. With FC3 this is working without problems. When running nscd -d -d -d the output is the following: 16273: handle_request: request received (Version = 2) from PID 18322 16273: GETGRBYGID (1015) 16273: cannot write result: Success Version-Release number of selected component (if applicable): nscd-2.3.2-95.30 How reproducible: Always Steps to Reproduce: 1. Make a Ldap group with 7000 members. 2. add user to group and with nscd running run: id user 3. then turn off nscd and run: id user Additional info:
Can you please run both nscd -d -d -d and id under strace and attach that output here?
Created attachment 111296 [details] Strace output of id command
Created attachment 111297 [details] Strace output of nscd -d -d -d
nscd and nscd client code in libc wasn't expecting partial reads or writes that can happen with really large requests. http://sources.redhat.com/ml/libc-hacker/2005-02/msg00060.html is (so far lightly) tested fix for glibc CVS, will backport that to RHEL4 U1 and RHEL3 U5 soon.
A fixed RHEL3 glibc candidate at ftp://people.redhat.com/jakub/glibc/2.3.2-95.33/
I tried this version and groups seem to work ok now. But for some reason I now seem to get problems with uid. nscd now sometimes (quite often) looses the user information. I open a new xterm it complains that: id: cannot find name for user ID xxxx Running "id" without parameters shows the number but group names are still resolved. But running "id username" then it starts working when opening new xterms also for a while until it then again stops working.
Can you please stop nscd, run strace -o /tmp/nscd.strace /usr/sbin/nscd -d -d -d > /tmp/nscd.log 2>&1 & /usr/sbin/nscd -i password /usr/sbin/nscd -i group and now run the strace -o /tmp/id.log1 /usr/bin/id (or whatever results in the failure to look up username) and then strace -o /tmp/id.log2 /usr/bin/id username ? Thanks.
Hi. It appeared to ba a missing index for uidnumber in my ldap server that caused this behaviour. It works ok now when I added the index.
Thanks. Assuming all is fixed then.
Hi Jakub, I have the same problem with Novell LDAP (I have small group) on RHEL4. Do you want some (or the same) output from strace? Regards Petr Adamec
(In reply to comment #0) > Description of problem: > When connecting RHEL to a ldap server that has a group with around > 7000 members the nscd wont resolv the name of that group: > > > $ groups > id: cannot find name for group ID 1015 > 1015 group2 group3 group3 group4 > > If you turn off nscd everything works but it is slow. > > With FC3 this is working without problems. > > When running nscd -d -d -d the output is the following: > > 16273: handle_request: request received (Version = 2) from PID 18322 > 16273: GETGRBYGID (1015) > 16273: cannot write result: Success > > > > Version-Release number of selected component (if applicable): > nscd-2.3.2-95.30 > > How reproducible: > Always > > Steps to Reproduce: > 1. Make a Ldap group with 7000 members. > 2. add user to group and with nscd running run: id user > 3. then turn off nscd and run: id user > > > Additional info: I have the same problem even with a group of two members... :-(
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2005-256.html