Re: error writing to client: broken pipe nslcd

[Date Prev][Date Next] [Thread Prev][Thread Next]

From: Arthur de Jong <arthur [at] arthurdejong.org>
To: nss-pam-ldapd-users [at] lists.arthurdejong.org
Subject: Re: error writing to client: broken pipe nslcd
Date: Sat, 02 Feb 2013 13:17:19 +0100

On Tue, 2013-01-29 at 07:52 +0100, Marcus Moeller wrote:
> The maximum number of objects that can be lookedup on one query is 
> limited on AD side, here.

nslcd should automatically do paged attribute retrieval if required.

> > Do you know for which requests these messages are happening often (run
> > nslcd in debug mode to find out)?
> 
> It happens when initgroups() is called which is on login, the first time.

Can you provide nslcd debug output? It could help pinpoint the issue.

On my system on ssh login with a password prompt nine getpwnam() calls
and two initgroups(), getspnam() and getpwuid() calls.

> sssd offers a parameter to prevent this behavior:
> 
>      nss_getgrent_skipmembers yes

nslcd does this by default already when doing the initgroups() lookup
(but not when doing normal getgrnam() or setgrent() calls).

-- 
-- arthur - arthur@arthurdejong.org - http://arthurdejong.org --

-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/

Re: error writing to client: broken pipe nslcd, (continued)

Prev by Date: mapping uidNumber
Next by Date: Re: RPM packaging for version 0.8.12
Previous by thread: Re: error writing to client: broken pipe nslcd
Next by thread: mapping uidNumber