Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Fedora Directory (http://www.linux-archive.org/fedora-directory/)
-   -   Large amount of users in Directory causes timeouts on client login. (http://www.linux-archive.org/fedora-directory/402186-large-amount-users-directory-causes-timeouts-client-login.html)

Gerrard Geldenhuis 07-21-2010 02:37 PM

Large amount of users in Directory causes timeouts on client login.
 
Hi
I have just created 20 000 users each with a private group on two masters 10 000 on each master, with the purpose of testing replication between two masters.

I did not observe any errors in access log and there is no errors logged in the error log for either of the servers.

I am seeing strange behavior though.... firstly a getent only returns 2028 rows according the wc. That is not a problem as I am aware that there is a setting somewhere that limits search size.

What is strange though is that trying to login as any user just times out on me.
if I do su - testuser39043 on a client machine
pam creates the home directory but then nothing happens ( I have configured pam to create a home dir when it does not exist)
I have the following errors in /var/log/messages
Jul 21 16:19:32 client01 -bash: nss_ldap: reconnecting to LDAP server (sleeping 4 seconds)...
Jul 21 16:19:37 client01 -bash: nss_ldap: reconnecting to LDAP server (sleeping 8 seconds)...
Jul 21 16:19:45 client01 -bash: nss_ldap: reconnecting to LDAP server (sleeping 16 seconds)...

Eventually after a while I get the following login:
[I have no name!@client01 ~]$

with this error message before hand:
id: cannot find name for user ID 7280

When I try to su - randomname I get an immediate response back to say that the user does not exist which is true.

The console is also behaving in a strange way. I can see a number of users ( i have not increase the default limit of returned users in the console ) and when I double click on a user I get the relevant information back. However if I do a search for the same user by right clicking on people and typing in the username I don't get any results returned. When I retested the behavior for writing the email the behaviour has changed so I can now find a user when searching for it in the console but I still can't login to a box.

The two masters have almost no CPU load and is not swapping. They are virtualboxes with only 500mb ram so maybe that is the source of the problem...

I can see the request in the log file on the master server when I do a su - username on the client server but the information never gets returned back to pam.

Any thoughts or steering in the right direction would be appreciated.

The documentation states a few default indexes that gets created and I would have thought that these would be adequate for effectively finding a user in a larger database.

Regards

__________________________________________________ ______________________
In order to protect our email recipients, Betfair Group use SkyScan from
MessageLabs to scan all Incoming and Outgoing mail for viruses.

__________________________________________________ ______________________
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

Rich Megginson 07-21-2010 02:54 PM

Large amount of users in Directory causes timeouts on client login.
 
Gerrard Geldenhuis wrote:
> Hi
> I have just created 20 000 users each with a private group on two masters 10 000 on each master, with the purpose of testing replication between two masters.
>
> I did not observe any errors in access log and there is no errors logged in the error log for either of the servers.
>
> I am seeing strange behavior though.... firstly a getent only returns 2028 rows according the wc. That is not a problem as I am aware that there is a setting somewhere that limits search size.
>
> What is strange though is that trying to login as any user just times out on me.
> if I do su - testuser39043 on a client machine
> pam creates the home directory but then nothing happens ( I have configured pam to create a home dir when it does not exist)
> I have the following errors in /var/log/messages
> Jul 21 16:19:32 client01 -bash: nss_ldap: reconnecting to LDAP server (sleeping 4 seconds)...
> Jul 21 16:19:37 client01 -bash: nss_ldap: reconnecting to LDAP server (sleeping 8 seconds)...
> Jul 21 16:19:45 client01 -bash: nss_ldap: reconnecting to LDAP server (sleeping 16 seconds)...
>
> Eventually after a while I get the following login:
> [I have no name!@client01 ~]$
>
> with this error message before hand:
> id: cannot find name for user ID 7280
>
> When I try to su - randomname I get an immediate response back to say that the user does not exist which is true.
>
> The console is also behaving in a strange way. I can see a number of users ( i have not increase the default limit of returned users in the console ) and when I double click on a user I get the relevant information back. However if I do a search for the same user by right clicking on people and typing in the username I don't get any results returned. When I retested the behavior for writing the email the behaviour has changed so I can now find a user when searching for it in the console but I still can't login to a box.
>
> The two masters have almost no CPU load and is not swapping. They are virtualboxes with only 500mb ram so maybe that is the source of the problem...
>
> I can see the request in the log file on the master server when I do a su - username on the client server but the information never gets returned back to pam.
>
> Any thoughts or steering in the right direction would be appreciated.
>
run logconv.pl
> The documentation states a few default indexes that gets created and I would have thought that these would be adequate for effectively finding a user in a larger database.
>
> Regards
>
> __________________________________________________ ______________________
> In order to protect our email recipients, Betfair Group use SkyScan from
> MessageLabs to scan all Incoming and Outgoing mail for viruses.
>
> __________________________________________________ ______________________
> --
> 389 users mailing list
> 389-users@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users


All times are GMT. The time now is 09:03 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.