useradd and groupadd taking +10 minutes when -r flag is used

[Dan Finn <Dan.Finn [at] plansource.com>]

Hello,

It looks like we are seeing something odd on our servers that have nslcd enabled.  If you use the –r flag when using groupadd or useradd I’ve seen timings of 10 to +15 minutes to create a user or group.  Running groupadd/useradd without –r shows no delay.  This is happening on both our CentOS (6.8) and our Ubuntu (14.04) hosts running nss-pam-ldapd versions 0.7.5-32 and 0.8.13 respectively.

I used tcpdump to capture what was happening and then took a look at it with wireshark.  It looks like if you add the –r flag it’s doing a search for a whole list of group ids (I only ran groupadd for the tcpdump), almost like it’s scanning or iterating over a range of gids.  When I compare this to the tcpdump output from groupadd without the –r flag it appears that it just does 2 queries to make sure that the group that you’re requesting to create doesn’t already exist.

I’ve included a screenshot of wireshark showing the repeated searches iterating through a range of gids.  Has anyone else run into this?  Could it be an issue with my config or something wrong on the AD server or is this a problem with nslcd?

Thanks,

Dan

Dan Finn
Systems Engineer - Linux/MySQL
PlanSource  – One Source. Many Benefits.

Cell: 530-386-2618
Work: 801-869-2844
What I Stand For: Engineering Solutions

-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/