Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=182464
Andreas Mueller <afm(a)othello.ch> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |afm(a)othello.ch
--- Comment #46 from Andreas Mueller <afm(a)othello.ch> 2010-04-21 06:16:39 EDT ---
The root cause apparently has not been investigated yet. Reading the
source code of dbus-daemon has revealed the following:
dbus-daemon reads all the groups of the user root when it parses
the user="root" attributes in the configuration file. This triggers
many ldap lookups, that trigger the exponential back off of the
bind_policy hard setting in /etc/ldap.conf. So parsing the config
file takes long, and dbus-daemon forks only after parsing the config.
At that point, the boot continues.
The point is that dbus-daemon has a logical error in it. It is
not necessary to read the list of groups of a user ever. Such a
list is dynamic, it changes when naming services become available,
or when the ldap contents are changed. So dbus-daemon should rather
check group memberships when it needs to, i.e. when it has to
authorize a request. This could be done much more efficiently
using the getgrent family of calls instead of the getgrouplist
call dbus-daemon is currently using.
So I propose that the upstream providers of dbus-daemon are contacted
to get dbus-daemon fixed. Possible fixes;
1. quick and dirty: add an option to stop dbus-daemon from expanding
group lists.
2. fix the logical error, don't use getgrouplist, check group membership
late and rely on nscd's caching mechanism for performance.
--
Configure bugmail:
https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.