Package: desktop-profiles
Version: 1.4.13
Tags: patch
I ran into this problem when using desktop-profiles in Debian Edu with
a large LDAP directory from MS Active Directory. Because of the way
the NSS API is structured, getting the group membership if a random
user is a very slow process (need to call setgrent(), loop over
getgrent() and finish off with endgrent()), and with 15000 groups and
70 000 users, this proved to take 20-30 minutes. On the other hand,
just running 'groups' to get the current users group membership is a
quick process, because the kernel already know the group membership,
fetched at login using initgroups() which is a quick operation.
The result is that a login with desktop-profile installed takes 20-30
minutes. To avoid the problem in the common case, where the current
users membership is looked up, I propose to rewrite the listingmodule
script to call 'groups' with no argument unless a different user is
requested. I am also working on trying to speed up nss-ldapd, but
suspect it require a redesign of the NSS API, and thus will not happen
any time soon. :)
As a further optimization, I replace the groups call to use 'id -gN'
instead. This is the call used by /usr/bin/groups internally to get
the groups, and it remove the need to reformat of the output using
sed.
diff -Nru /tmp/ffrOaTouSm/desktop-profiles-1.4.14/listingmodule
/tmp/uvXTuP9rHd/desktop-profiles-1.4.15/listingmodule
--- /tmp/ffrOaTouSm/desktop-profiles-1.4.14/listingmodule 2006-06-06
11:14:23.000000000 +0200
+++ /tmp/uvXTuP9rHd/desktop-profiles-1.4.15/listingmodule 2008-05-01
23:08:04.000000000 +0200
@@ -51,9 +51,15 @@
exit;
fi;
- # initialize needed variables
- OUR_USER=${2:-$USER}
- OUR_GROUPS=`groups $OUR_USER | sed "s/^\$OUR_USER : //"`
+ # initialize needed variables. Do not give argument to groups when looking
up the current
+ # user, to avoid expensive lookup with LDAP NSS.
+ if [ -z "$2" ] || [ "$USER" = "$2" ]; then
+ OUR_USER="$USER"
+ OUR_GROUPS="`id -Gn`"
+ else
+ OUR_USER=$2
+ OUR_GROUPS="`id -Gn -- $OUR_USER`"
+ fi
# !... requirement
if (echo "$1" | grep '^!' > /dev/null) ; then
Happy hacking,
--
Petter Reinholdtsen
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
