Bug#717235: proftpd requests the whole passwd database at each login
Marco d'Itri
md at linux.it
Fri Jul 19 10:53:13 UTC 2013
On Jul 19, Arthur de Jong <adejong at debian.org> wrote:
> Are you saying there is a significant performance difference when
> running "getent passwd" (or running proftpd) in your environment between
> libnss-ldap and libnss-ldapd?
Yes: "getent passwd" works on both systems, but when I switch from
libnss-ldap to libnss-ldapd proftpd generates tens of Mbps of LDAP
traffic with these "all" queries.
I have a theory, but I have not verified it by looking at the code:
I can see in the nslcd debug log that "passwd(all)" is requested, but
then only a few lines are listed in the log (and IIRC they are followed
by an error which suggests that the client stopped requesting data).
So I wonder if the problem is that:
- proftpd requests passwd(all)
- but it only looks at the first few results and then calls endpwent(3)
or something like this
- libnss-ldap then would immediately stop requesting records from the
LDAP server
- but libnss-ldapd uses nslcd which is persistent, so nslcd would still
receive all data even if the client does not care anymore
Does this look reasonable to you?
If it is true then I do not think that it would be a libnss-ldapd bug.
--
ciao,
Maro
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-proftpd-maintainers/attachments/20130719/c8bb23c7/attachment.sig>
More information about the Pkg-proftpd-maintainers
mailing list