TEST RELEASE: Cygwin 1.7.35-0.3

Corinna Vinschen corinna-cygwin@cygwin.com
Mon Feb 23 19:04:00 GMT 2015


On Feb 23 10:22, John Hein wrote:
> Corinna Vinschen corinna-cygwin-at-cygwin.com |cygwin_ml_nodigest| wrote at 12:17 +0100 on Feb 23, 2015:
>  > Come to think of it, it's probably really just slow.  The difference
>  > between mkpasswd/mkgroup for domain accounts:
>  >
>  > 1.7.33:
>  >
>  >   Calls NetUserEnum/NetGroupEnum,NetLocalGroupEnum with maximum Buffer
>  >   size.
>  >
>  > 1.7.34+:
>  >
>  >   Calls an LDAP enumerator fetching 100 SIDs per call.
>  >   For each SID:
>  >     Call LookupAccountSid.
>  >     For each User:
>  >       Depending on nsswitch.conf, call LDAP to fetch the extended passwd
>  >       info (pw_shell, pw_home, pw_gecos).
>  >
>  > I guess there's some room for improvement.
>  >
>  > OTOH, keep in mind that you're not supposed to call mkpasswd/mkgroup
>  > to enumerate your entire organization.  If you're using it at all, then
>  > only to create the required entries in /etc/passwd and /etc/group for
>  > your local account to work, and then leave everything else to the "db"
>  > setting.
> 
> Fair enough.  I'll stop stress testing mkpasswd and consider this
> closed unless there's something we want to try.
> 
> But 1.7.33 seems much faster (if you can call 50 minutes fast) at it
> than 1.7.34-6 or 1.7.35-0.3 in this large-ish AD.  Maybe a knob to
> specify buffer size and/or some other knobs might help identifying the
> slowest parts (and/or some stats).  Just a thought.

I'll have a look into improving the stuff for sure.  I think this
requires limiting the number of LDAP calls in the first place.  Rather
than fetching SIDs only, the enumerator should fetch all required account
information immediately, so the number of LDAP calls will be

  #accounts / 100 == 80

rather than today's

  #accounts / 100 + #accounts == 8080.

The extra 8000 LookupAccountSid calls would go away, too.

> I'll add that the 1.7.34-6 'strace mkpasswd -d' that I had started
> above finished in 20+ hours and spewed ~3500 of ~8000 entries.

It may be a restriction on your server.  There're often settings
limiting the number of calls per client.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat