This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Testers needed: New passwd/group handling in Cygwin


On Feb 28 16:45, Achim Gratz wrote:
> Corinna Vinschen writes:
> > 1 second?  That sounds still a bit slow.
> 
> It appears that that there are multiple DC involved, either via
> delegation or redirection (as I've managed to get some partial group
> resolutions where groups from a particular domain were absent).  So all
> this slowness probably has to do with roundtrip times.  Based on that
> hypothesis I've done the same test again via DSL/VPN and got this:
> 
> 1:49 stock-cvs
> 1:15 getgroups
> 0:13 noldap
> 
> The times don't change all that much whether I've clogged the DSL
> connection or not, so the size of the response doesn't seem to be a
> major factor here.

I made some tests myself today, while debugging Frank's problem.  If I
had no network connection to my DC, the group names couldn't be
resolved.  This is using the stock LookupAccountSid function from
advapi32.dll so that means, the names of the groups are not cached
anywhere in LSA, not even the names of the current user's groups.

Given that, it was pretty surprising that the noldap code is so fast
compared to the getgroups version.  The LDAP connection is opened once
only, so the ldap request should be fast.  Even with a call to
LookupAccountSid and an additional call to ldap_search_st, I would
understand if the getgroups version takes twice as much as the noldap
version, but *8* times?

After some more testing it seems LookupAccountSid is asking the Global
Catalog (GC).  If I switch my LDAP queries to the GC port 3286, it's
getting a *lot* faster.  In fact, it's suddenly not 8 times slower,
but only two times, as expected.

Unfortunately that doesn't help us at all, because the POSIX attributes
are not duplicated to the GC by default, and I guess it's not exactly
helpful to ask administrators to duplicate the POSIX attributes to the
GC :(


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

Attachment: pgpWPmE9We2Y3.pgp
Description: PGP signature


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]