[389-users] Large amount of users in Directory causes timeouts on client login.
Rich Megginson
rmeggins at redhat.com
Wed Jul 21 14:54:34 UTC 2010
Gerrard Geldenhuis wrote:
> Hi
> I have just created 20 000 users each with a private group on two masters 10 000 on each master, with the purpose of testing replication between two masters.
>
> I did not observe any errors in access log and there is no errors logged in the error log for either of the servers.
>
> I am seeing strange behavior though.... firstly a getent only returns 2028 rows according the wc. That is not a problem as I am aware that there is a setting somewhere that limits search size.
>
> What is strange though is that trying to login as any user just times out on me.
> if I do su - testuser39043 on a client machine
> pam creates the home directory but then nothing happens ( I have configured pam to create a home dir when it does not exist)
> I have the following errors in /var/log/messages
> Jul 21 16:19:32 client01 -bash: nss_ldap: reconnecting to LDAP server (sleeping 4 seconds)...
> Jul 21 16:19:37 client01 -bash: nss_ldap: reconnecting to LDAP server (sleeping 8 seconds)...
> Jul 21 16:19:45 client01 -bash: nss_ldap: reconnecting to LDAP server (sleeping 16 seconds)...
>
> Eventually after a while I get the following login:
> [I have no name!@client01 ~]$
>
> with this error message before hand:
> id: cannot find name for user ID 7280
>
> When I try to su - randomname I get an immediate response back to say that the user does not exist which is true.
>
> The console is also behaving in a strange way. I can see a number of users ( i have not increase the default limit of returned users in the console ) and when I double click on a user I get the relevant information back. However if I do a search for the same user by right clicking on people and typing in the username I don't get any results returned. When I retested the behavior for writing the email the behaviour has changed so I can now find a user when searching for it in the console but I still can't login to a box.
>
> The two masters have almost no CPU load and is not swapping. They are virtualboxes with only 500mb ram so maybe that is the source of the problem...
>
> I can see the request in the log file on the master server when I do a su - username on the client server but the information never gets returned back to pam.
>
> Any thoughts or steering in the right direction would be appreciated.
>
run logconv.pl
> The documentation states a few default indexes that gets created and I would have thought that these would be adequate for effectively finding a user in a larger database.
>
> Regards
>
> ________________________________________________________________________
> In order to protect our email recipients, Betfair Group use SkyScan from
> MessageLabs to scan all Incoming and Outgoing mail for viruses.
>
> ________________________________________________________________________
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
More information about the 389-users
mailing list