TEST RELEASE: Cygwin 1.7.35-0.3
Corinna Vinschen
corinna-cygwin@cygwin.com
Wed Feb 25 14:10:00 GMT 2015
Hi John,
On Feb 23 10:22, John Hein wrote:
> Corinna Vinschen corinna-cygwin-at-cygwin.com |cygwin_ml_nodigest| wrote at 12:17 +0100 on Feb 23, 2015:
> > 1.7.33:
> >
> > Calls NetUserEnum/NetGroupEnum,NetLocalGroupEnum with maximum Buffer
> > size.
> >
> > 1.7.34+:
> >
> > Calls an LDAP enumerator fetching 100 SIDs per call.
> > For each SID:
> > Call LookupAccountSid.
> > For each User:
> > Depending on nsswitch.conf, call LDAP to fetch the extended passwd
> > info (pw_shell, pw_home, pw_gecos).
> >
> > I guess there's some room for improvement.
> >
> > OTOH, keep in mind that you're not suppsoed to call mkpasswd/mkgroup
> > to enumerate your entire organization. If you're using it at all, then
> > only to create the required entries in /etc/passwd and /etc/group for
> > your local acocunt to work, and then leave everything else to the "db"
> > setting.
>
> Fair enough. I'll stop stress testing mkpasswd and consider this
> closed unless there's something we want to try.
>
> But 1.7.33 seems much faster (if you can call 50 minutes fast) at it
> than 1.7.34-6 or 1.7.35-0.3 in this large-ish AD. Maybe a knob to
> specify buffer size and/or some other knobs might help identifying the
> slowest parts (and/or some stats). Just a thought.
>
> I'll add that the 1.7.34-6 'strace mkpasswd -d' that I had started
> above finished in 20+ hours and spewed ~3500 of ~8000 entries.
Can you retry this test with the latest developer snapshot (2015-02-25)
from https://cygwin.com/snapshots/, please? As I already said in other
mails to this list, I rewrote the code doing the LDAP lookup for the
getpwent/getgrent calls, as well as for mkpasswd/mkgroup. I reduced
the number of LDAP calls to 1 call per 100 users, with no intermediate
LDAP call within. This should become as fast as it can get. It may
still be slower than pre-1.7.34, but that is a bit unfair considering
the more complext setup using various different AD attributes depending
on the settings in /etc/nsswitch.conf.
OTOH, the number of accounts per LDAP call (100) is a fixed number right
now. It might be prudent to use a different, higher number in calls to
mkpasswd/mkgroup, compared to a "real" getpwent/getgrent, let's say,
1000. That might give us another performance gain, but needs testing in
a big environment like yours, of course.
As for stopping after 3500 of 8000 accounts, I'd be interested to
investigate this further, as I accidentally addressed to Roger Orr.
As I outlined in that mail, I stumbled over a bug in my code which also
resulted in enumerating less accounts as desired. So I'm not entirely
sure your problem isn't related to a bug either. So, first thing first,
does that problem still exist with the snapshot?
Thanks,
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://cygwin.com/pipermail/cygwin/attachments/20150225/5ee1a367/attachment.sig>
More information about the Cygwin
mailing list