Solution for using alot or large groups with slow nss backends like nss_ldap

Simon Matter simon.matter at ch.sauter-bc.com
Fri Dec 17 05:20:22 EST 2004


I've just implemented a quick fix for an issue I've been having recently
and from searching google it seems that I'm not the only one. I've
included the feature into the current Invoca cyrus-imapd rpm package but
maybe it's also useful for others.

The groupcache related files are here:
http://www.invoca.ch/pub/packages/cyrus-imapd/scripts/groupcache/

The source rpm is here as usual:
http://www.invoca.ch/pub/packages/cyrus-imapd/

Below is a cut'n'paste from the README file. Feedback as always welcome.

Regards,
Simon


>From the README:
If you have a lot of groups or very large groups, cyrus-imapd login can
become quite slow due to the way cyrus-imapd handles groups. This may
become worse when using nss_ldap or other slow nss backends to resolve
groups. Caching using nscd can increase speed dramatically but
unfortunately not for all functions cyrus-imapd uses. nscd helps speeding
up getgrnam() calls but not getgrent() calls, which are used by
cyrus-imapd to get a complete list of all groups available.
The groupfile patch implements a quick fix to the problem by using a
separate group.cache file to speed up those operations using getgrent()
calls.
Calls to getgrnam() are not touched which means that the group.cache file
must be kept in sync with the group source you are using with nss
configured in /etc/nsswitch.conf. If group.cache doesn't exist, the patch
has no effect and cyrus-imapd handles groups through getgrent().

Quick HOWTO:
- configure group lookup in /etc/nsswitch.conf if not already done
- configure name service cache in /etc/nscd.conf          (not mandatory)
- start nscd with "service nscd start"                    (not mandatory)
- configure a service which periodically updates the group.cache file
  using the upd_groupcache script. Either set up a cronjob or use a
  event in the cyrus configuration.

Sample /etc/cyrus.conf event to update the group cache every 10 minutes:
EVENTS {
  # some events removed here ***
  ...........................***

  # this is only necessary if using group cache feature
  groupcache    cmd="upd_groupcache" period=10
}


---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html




More information about the Info-cyrus mailing list