Re: useradd and groupadd taking +10 minutes when -r flag is used
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
Re: useradd and groupadd taking +10 minutes when -r flag is used
- From: Jakub Hrozek <jhrozek [at] redhat.com>
- To: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: Re: useradd and groupadd taking +10 minutes when -r flag is used
- Date: Thu, 28 Jul 2016 09:46:30 +0200
On Wed, Jul 27, 2016 at 04:28:17PM +0000, Dan Finn wrote:
> Hello,
>
> It looks like we are seeing something odd on our servers that have nslcd
> enabled. If you use the –r flag when using groupadd or useradd I’ve seen
> timings of 10 to +15 minutes to create a user or group. Running
> groupadd/useradd without –r shows no delay. This is happening on both our
> CentOS (6.8) and our Ubuntu (14.04) hosts running nss-pam-ldapd versions
> 0.7.5-32 and 0.8.13 respectively.
>
> I used tcpdump to capture what was happening and then took a look at it with
> wireshark. It looks like if you add the –r flag it’s doing a search for a
> whole list of group ids (I only ran groupadd for the tcpdump), almost like
> it’s scanning or iterating over a range of gids. When I compare this to the
> tcpdump output from groupadd without the –r flag it appears that it just does
> 2 queries to make sure that the group that you’re requesting to create
> doesn’t already exist.
>
> I’ve included a screenshot of wireshark showing the repeated searches
> iterating through a range of gids. Has anyone else run into this? Could it
> be an issue with my config or something wrong on the AD server or is this a
> problem with nslcd?
This is a bug in shadow-utils, nothing to do with nss-pam-ldapd. In Red
Hat bugzilla it's being tracked as (sorry, I don't know the upstream bug
tracker ID):
https://bugzilla.redhat.com/show_bug.cgi?id=1279321
--
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/
