[389-users] Large amount of users in Directory causes timeouts on client login.
Gerrard Geldenhuis
Gerrard.Geldenhuis at betfair.com
Wed Jul 21 14:37:01 UTC 2010
Hi
I have just created 20 000 users each with a private group on two masters 10 000 on each master, with the purpose of testing replication between two masters.
I did not observe any errors in access log and there is no errors logged in the error log for either of the servers.
I am seeing strange behavior though.... firstly a getent only returns 2028 rows according the wc. That is not a problem as I am aware that there is a setting somewhere that limits search size.
What is strange though is that trying to login as any user just times out on me.
if I do su - testuser39043 on a client machine
pam creates the home directory but then nothing happens ( I have configured pam to create a home dir when it does not exist)
I have the following errors in /var/log/messages
Jul 21 16:19:32 client01 -bash: nss_ldap: reconnecting to LDAP server (sleeping 4 seconds)...
Jul 21 16:19:37 client01 -bash: nss_ldap: reconnecting to LDAP server (sleeping 8 seconds)...
Jul 21 16:19:45 client01 -bash: nss_ldap: reconnecting to LDAP server (sleeping 16 seconds)...
Eventually after a while I get the following login:
[I have no name!@client01 ~]$
with this error message before hand:
id: cannot find name for user ID 7280
When I try to su - randomname I get an immediate response back to say that the user does not exist which is true.
The console is also behaving in a strange way. I can see a number of users ( i have not increase the default limit of returned users in the console ) and when I double click on a user I get the relevant information back. However if I do a search for the same user by right clicking on people and typing in the username I don't get any results returned. When I retested the behavior for writing the email the behaviour has changed so I can now find a user when searching for it in the console but I still can't login to a box.
The two masters have almost no CPU load and is not swapping. They are virtualboxes with only 500mb ram so maybe that is the source of the problem...
I can see the request in the log file on the master server when I do a su - username on the client server but the information never gets returned back to pam.
Any thoughts or steering in the right direction would be appreciated.
The documentation states a few default indexes that gets created and I would have thought that these would be adequate for effectively finding a user in a larger database.
Regards
________________________________________________________________________
In order to protect our email recipients, Betfair Group use SkyScan from
MessageLabs to scan all Incoming and Outgoing mail for viruses.
________________________________________________________________________
More information about the 389-users
mailing list