[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: [Fwd: constant lookups causing a lot of load]



On 10 September 2003, Jeremy Hansen <jeremy@methanesea.com> wrote:
[...]
> Let me ask a question here.  I thought that depending on the ordering
> of what you have in your nsswitch.conf was supposed to determine at
> what level things get passed off to get a positive resolution.  So, if
> I have:
>
>       group: files ldap
>
> nss_ldap should check files, if it finds what it needs in files then  
> it stop there and ldap doesn't get touched.  If files fails, then it  
> moves on to ldap.  This doesn't seems to be the case.  Every person   
> that touches the web server and every thread that gets spawned causes 
> a lookup in the ldap database.                                        
>
> Let me know what I'm missing.  I really need to get this fixed as it's
> just causing load for no reason at this point.

    You don't understand how supplementary groups work.  Given an UID,
ALL groups must be queried in order to find out which have the named UID
as a member and calculate an access list.

    Regards,

    Liviu Daia

-- 
Dr. Liviu Daia               e-mail:   Liviu.Daia@imar.ro
Institute of Mathematics     web page: http://www.imar.ro/~daia
of the Romanian Academy      PGP key:  http://www.imar.ro/~daia/daia.asc