#799 RFC2307bis 'id' lookups are prohibitively slow
Closed: Fixed None Opened 13 years ago by sgallagh.

For an LDAP setup using RFC2307bis with many users and nested groups, performing

id username

can take as long as several minutes to complete.

Jakub did an initial investigation into the code and discovered that we aren't using the {{{sysdb_add_fake_user()}}} routine in the RFC2307bis nested group processing, which means that we're resorting to looking up all of the users in those groups. This is very slow.


Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.6.0
priority: critical => blocker

Fields changed

patch: => 1
status: new => assigned

Fixed in master:

77bc3d9

c18bd9d

6b95a91

7bdaf2a

resolution: => fixed
status: assigned => closed

The problem still exists in 1.6.3

resolution: fixed =>
rhbz: =>
status: closed => reopened

Fields changed

milestone: SSSD 1.6.0 => NEEDS_TRIAGE

This request has been coming from several different users running in different environments. I would propose that we gather as much info from the users before we decide on where to optimize.

I think that a systemtap script that generates a callgraph with statistics about how much time do we spend in different functions and perhaps how much time we spend waiting on I/O (both disk and network) would help us here. Then we would at least know whether we should spend time parallelizing the lookups or perhaps profiling the memberof plugin some more..

Replying to [comment:5 mmoeller]:

The problem still exists in 1.6.3

Marcus, can you measure how slow initgroups are for you?

I would like to ask you to:
1. clear the caches
2. run "id -G $username"

The -G parameter is important - that would make sure only initgroups is performed and "id" would then output the GID numbers of the groups user is a member of. Without the -G parameter, "id" then calls getgrgid() on all the group GIDs which may be very slow (and may not be fixable).

Thank you!

Also when running the test, would you mind telling us how big the group structure is? In other words, how many groups does the user belong to?

Fields changed

blockedby: =>
blocking: =>
milestone: NEEDS_TRIAGE => SSSD Deferred

Fields changed

priority: blocker => minor

The issue is already fixed in 1.6. The bug was reopened by mistake.

milestone: SSSD Deferred => SSSD 1.6.0
resolution: => fixed
status: reopened => closed

Metadata Update from @sgallagh:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.6.0

7 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/1841

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata