Bug 646329 - taking a long time to get a result of getent group when the group has a large number of users
taking a long time to get a result of getent group when the group has a large...
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: nss_ldap (Show other bugs)
All Linux
medium Severity medium
: rc
: ---
Assigned To: Nalin Dahyabhai
Ondrej Moriš
Depends On:
Blocks: 590060
  Show dependency treegraph
Reported: 2010-10-25 03:40 EDT by Masahiro Matsuya
Modified: 2011-07-21 04:03 EDT (History)
4 users (show)

See Also:
Fixed In Version: nss_ldap-253-39.el5
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2011-07-21 04:03:37 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Masahiro Matsuya 2010-10-25 03:40:44 EDT
Description of problem:

A customer has some very large groups, and it takes a long time for their membership to be transferred via ldap which excessively delays our applications.

Their largest group takes almost three minutes to look up:

 rhel5 ~ # time getent group students
 real    2m53.334s

This group has about 23000 users in it.

This can be fixed by a fix of http://bugzilla.padl.com/show_bug.cgi?id=293.
This added the nss_getgrent_skipmembers option, allowing group members not to be returned via ldap.

Actually, this customer confirmed the fix on their environment.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. configure the ldap server and ldap client
2. create a group with a large number of users. (In case of this customer, it's about 23000 users)
3. run getent
Actual results:
it takes a long time to get a result of getent group when the group has a large number of users.

Expected results:
getent group returns the result in a short time.
Comment 6 errata-xmlrpc 2011-07-21 04:03:37 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.