Bug 147478 - nscd fails with big group in ldap
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: glibc
Version: 3.0
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Jakub Jelinek
Reported: 2005-02-08 08:26 EST by Kim Sandberg
Modified: 2007-11-30 17:07 EST (History)
Fixed In Version: RHBA-2005-096
Doc Type: Bug Fix
Last Closed: 2005-05-18 10:00:15 EDT
Attachments:
Strace output of id command (1.66 KB, application/octet-stream)
2005-02-22 09:38 EST, Kim Sandberg
Strace output of nscd -d -d -d (7.08 KB, application/octet-stream)
2005-02-22 09:39 EST, Kim Sandberg

External Trackers: Sourceware 769
Description Kim Sandberg 2005-02-08 08:26:26 EST
Description of problem:
When connecting RHEL to an LDAP server that has a group with around
7000 members, nscd won't resolve the name of that group:


$ groups
id: cannot find name for group ID 1015
1015 group2 group3 group3 group4

If you turn off nscd everything works but it is slow.

With FC3 this is working without problems.

When running nscd -d -d -d the output is the following:

16273: handle_request: request received (Version = 2) from PID 18322
16273:  GETGRBYGID (1015)
16273: cannot write result: Success



Version-Release number of selected component (if applicable):
nscd-2.3.2-95.30

How reproducible:
Always

Steps to Reproduce:
1. Make an LDAP group with 7000 members.
2. Add a user to the group and, with nscd running, run: id user
3. Then turn off nscd and run: id user


Additional info:
Comment 1 Jakub Jelinek 2005-02-22 04:48:08 EST
Can you please run both nscd -d -d -d and id under strace and attach that output
here?
Comment 2 Kim Sandberg 2005-02-22 09:38:49 EST
Created attachment 111296 [details]
Strace output of id command
Comment 3 Kim Sandberg 2005-02-22 09:39:51 EST
Created attachment 111297 [details]
Strace output of nscd -d -d -d
Comment 6 Jakub Jelinek 2005-02-22 15:52:50 EST
nscd and the nscd client code in libc weren't expecting partial reads or writes
that can happen with really large requests.
http://sources.redhat.com/ml/libc-hacker/2005-02/msg00060.html
is a (so far lightly) tested fix for glibc CVS; I will backport that to RHEL4 U1 and
RHEL3 U5 soon.
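
The failure mode named in comment 6, as an added example (not the glibc patch linked above and not code from nscd): a large reply written to a non-blocking AF_UNIX stream socket is only partly accepted by one write() call, so both ends must loop. The function names, the 8 MB payload and the fork-based client are assumptions made for this constructed scenario.

```c
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Send exactly len bytes: loop over short writes, EINTR and EAGAIN. */
static int write_all(int fd, const char *p, size_t len) {
    struct pollfd pfd = { .fd = fd, .events = POLLOUT };
    while (len > 0) {
        ssize_t n = write(fd, p, len);
        if (n > 0) { p += n; len -= (size_t)n; }
        else if (n < 0 && errno == EAGAIN) poll(&pfd, 1, -1); /* wait for reader */
        else if (!(n < 0 && errno == EINTR)) return -1;       /* real error */
    }
    return 0;
}

/* Receive exactly len bytes: a single read() may return fewer. */
static int read_all(int fd, char *p, size_t len) {
    while (len > 0) {
        ssize_t n = read(fd, p, len);
        if (n > 0) { p += n; len -= (size_t)n; }
        else if (!(n < 0 && errno == EINTR)) return -1;       /* EOF or error */
    }
    return 0;
}

/* Constructed scenario: one large reply (think of a 7000-member group record).
 * *first receives what a single write() accepted; returns 0 if looping delivered all. */
int send_large_reply(size_t len, ssize_t *first) {
    int sv[2], status = -1;
    char *buf = calloc(1, len);
    if (!buf || socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) { free(buf); return -1; }
    fcntl(sv[0], F_SETFL, O_NONBLOCK);
    *first = write(sv[0], buf, len);      /* the pre-fix assumption: one call is enough */
    pid_t pid = fork();
    if (pid < 0) { free(buf); return -1; }
    if (pid == 0) {                       /* child plays the libc client side */
        close(sv[0]);
        _exit(read_all(sv[1], buf, len) == 0 ? 0 : 1);
    }
    close(sv[1]);
    size_t done = *first > 0 ? (size_t)*first : 0;
    int rc = write_all(sv[0], buf + done, len - done);
    close(sv[0]);
    waitpid(pid, &status, 0);
    free(buf);
    return (rc == 0 && WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}
```

Code that treats the value stored in `*first` as the whole transfer drops the rest of the record, which matches the reported symptom of a lookup that only fails for very large entries.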
Comment 7 Jakub Jelinek 2005-02-23 09:59:07 EST
A fixed RHEL3 glibc candidate at ftp://people.redhat.com/jakub/glibc/2.3.2-95.33/
Comment 8 Kim Sandberg 2005-02-28 06:23:23 EST
I tried this version and groups seem to work ok now.
But for some reason I now seem to get problems with uid.

nscd now sometimes (quite often) loses the user information.
When I open a new xterm it complains that:
id: cannot find name for user ID xxxx
Running "id" without parameters shows the number, but group names are
still resolved.
But after running "id username" it starts working when opening new
xterms as well, for a while, until it again stops working.
Comment 9 Jakub Jelinek 2005-02-28 13:11:23 EST
Can you please stop nscd, run
strace -o /tmp/nscd.strace /usr/sbin/nscd -d -d -d > /tmp/nscd.log 2>&1 &
/usr/sbin/nscd -i passwd
/usr/sbin/nscd -i group
and now run the strace -o /tmp/id.log1 /usr/bin/id (or whatever results in the
failure to look up username)
and then strace -o /tmp/id.log2 /usr/bin/id username
?
Thanks.
Comment 10 Kim Sandberg 2005-03-02 02:47:02 EST
Hi.

It appeared to be a missing index for uidnumber in my LDAP server that
caused this behaviour.
It works OK now that I have added the index.
Comment 11 Jakub Jelinek 2005-03-02 03:13:00 EST
Thanks.  Assuming all is fixed then.
Comment 12 Petr Adamec 2005-03-20 17:19:07 EST
Hi Jakub,

I have the same problem with Novell LDAP (I have small group) on RHEL4. Do you
want some (or the same) output from strace?

Regards Petr Adamec
Comment 13 Petr Adamec 2005-03-22 11:07:45 EST
(In reply to comment #0)
I have the same problem even with a group of two members... :-(
Comment 14 Tim Powers 2005-05-18 10:00:16 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2005-256.html
