https://bugzilla.novell.com/show_bug.cgi?id=242520

rhafer@novell.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         AssignedTo|jsuchome@novell.com         |pbaudis@novell.com

------- Comment #6 from rhafer@novell.com  2007-02-13 04:54 MST -------
nss_compat indeed seems to do something different than plain nss_ldap. In its
initgroups() function, it calls getgrgid() for every group that the
initgroups() call of nss_ldap returns. That can of course indeed result in a
lot more LDAP queries than when nss_ldap is used directly: one additional
query for each group and one additional query for each member of those groups
(when "groupOfNames" groups are used, which is our default). That will hurt
especially when many large groups are used.

This is a comment from the initgroups() function of nss_compat:

  /* For every gid in the list we get from the NSS module,
     get the whole group entry. We need to do this, since we
     need the group name to check if it is in the blacklist.
     In worst case, this is as twice as slow as stepping with
     getgrent_r through the whole group database. But for large
     group databases this is faster, since the user can only be
     in a limited number of groups. */

I have no idea what this blacklist is for that is mentioned there.

Petr, Thorsten, any idea how things can be improved here?
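
The per-gid lookup pattern described in the quoted nss_compat comment, as an added example that is not part of the original bug comment and is not the glibc code: a gid list can only be checked against a name-based blacklist by resolving every gid to its group entry first, so the lookup count grows with the number of groups. The names `filter_gids`, `sample_lookup` and `libc_lookup`, the gids and the group names are constructed for illustration; dropping gids that do not resolve is an assumption of this example.

```c
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Resolves a gid to a group name, or NULL if unknown. Each call stands
   for one getgrgid() round trip to the backend (e.g. an LDAP query). */
typedef const char *(*gid_lookup_fn)(gid_t gid);

unsigned long lookup_calls; /* per-gid lookups performed so far */

/* Returns 1 if name appears in the NULL-terminated blacklist. */
int blacklisted(const char *name, const char *const *blacklist)
{
    for (; *blacklist != NULL; blacklist++)
        if (strcmp(name, *blacklist) == 0)
            return 1;
    return 0;
}

/* Filters gids in place, keeping those whose name resolves and is not
   blacklisted. One lookup per gid is unavoidable because the blacklist
   holds names while the backend returned only numeric gids. */
size_t filter_gids(gid_t *gids, size_t n, const char *const *blacklist,
                   gid_lookup_fn lookup)
{
    size_t kept = 0;
    for (size_t i = 0; i < n; i++) {
        const char *name = lookup(gids[i]);
        lookup_calls++;
        if (name != NULL && !blacklisted(name, blacklist))
            gids[kept++] = gids[i];
    }
    return kept;
}

/* Real backend: goes through NSS, so it may hit LDAP on a live system. */
const char *libc_lookup(gid_t gid)
{
    struct group *gr = getgrgid(gid);
    return gr ? gr->gr_name : NULL;
}

/* Constructed in-memory backend so the example runs offline. */
const char *sample_lookup(gid_t gid)
{
    static const struct { gid_t gid; const char *name; } db[] = {
        {100, "users"}, {2001, "ldap-admins"}, {2002, "ldap-devs"},
    };
    for (size_t i = 0; i < sizeof db / sizeof db[0]; i++)
        if (db[i].gid == gid)
            return db[i].name;
    return NULL;
}

int main(void)
{
    gid_t gids[] = {100, 2001, 2002, 4242}; /* constructed gid list */
    const char *const deny[] = {"ldap-admins", NULL};
    size_t kept = filter_gids(gids, 4, deny, sample_lookup);
    printf("kept %zu of 4 gids after %lu lookups\n", kept, lookup_calls);
    return 0;
}
```

Passing `libc_lookup` instead of `sample_lookup` runs the same filter against the system's configured NSS sources.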