On Wed, 2012-06-27 at 14:53 +0200, Jan Engelhardt wrote:
On Tuesday 2012-06-26 17:43, Stephen Gallagher wrote:
>
>Actually, it most certainly is cached locally. If it was going to LDAP
>50,000 times, it would take you MUCH longer than 8.5s to get results
>back. Naturally, looking up results in a local file is faster than
>getting it out of the SSSD's cache database. However, we have sped this
>up considerably in SSSD 1.9.0 (currently in beta). We now maintain a
>second, in-memory cache for requests that is much faster than
>communicating across the socket to the sssd_nss process and then reading
>from the database (and processing group nested members).
>
>So if you wanted to test our latest nightlies with this program, I think
>you'd find it responding much faster.
Yes, I do. But for a different reason: 1.8.93 does not retrive
any groups whatsoever from LDAP anymore. What broke there?
(`getent groups someldapgroup` yields no output anymore.)
I skimmed over the changelog earlier and noticed that there
was some change with respect to groups (ignored when no "name"
attribute, was it?) The LDAP entry for (an empty group) looks like
# clients, groups, woven
dn: cn=clients,ou=groups,o=woven
objectClass: groupOfNames
objectClass: posixGroup
cn: clients
gidNumber: 100000
member: cn=clients,ou=groups,o=woven
and was previously properly returned in sssd-1.8.3.
Hmm, that's very concerning. Can you get debug logs of that? (Obviously,
nightlies tend to be in flux, but I hadn't seen anything go this wrong
lately...)