Bug#717235: proftpd requests the whole passwd database at each login
Arthur de Jong
adejong at debian.org
Fri Jul 19 14:46:29 UTC 2013
On Fri, 2013-07-19 at 12:53 +0200, Marco d'Itri wrote:
> I have a theory, but I have not verified it by looking at the code:
> I can see in the nslcd debug log that "passwd(all)" is requested, but
> then only a few lines are listed in the log (and IIRC they are followed
> by an error which suggests that the client stopped requesting data).
> So I wonder if the problem is that:
> - proftpd requests passwd(all)
> - but it only looks at the first few results and then calls endpwent(3)
> or something like this
> - libnss-ldap then would immediately stop requesting records from the
> LDAP server
> - but libnss-ldapd uses nslcd which is persistent, so nslcd would still
> receive all data even if the client does not care anymore
>
> Does this look reasonable to you?
> If it is true then I do not think that it would be a libnss-ldapd bug.
That would indeed be a difference between libnss-ldap and
libnss-ldapd/nslcd. nslcd has by default 5 threads that handle requests
and pass the results back to the NSS module. To achieve reasonable
performance and not tie up the threads too long, the communication
between nslcd and the NSS module is buffered (on both ends) with
reasonably large buffers.
This could result in considerable more results being requested from the
LDAP server with libnss-ldapd/nslcd than with libnss-ldap.
--
-- arthur - adejong at debian.org - http://people.debian.org/~adejong --
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/pkg-proftpd-maintainers/attachments/20130719/4e6c7325/attachment.sig>
More information about the Pkg-proftpd-maintainers
mailing list