X-Recipient: archive-cygwin@delorie.com DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:from:to:cc:subject:date:message-id:references :in-reply-to:content-type:content-transfer-encoding :mime-version; q=dns; s=default; b=Sq6L/HwvvSA2PCk6Lwl8lo0dwga6I GZVhvgJpOuZLUVKPnALApCzx2E0ELLrEgRoElAhmV/K3rSLTUFvSTpEfTzfJqIgi 8V8AATcUwPkkLGTdS11or74NS/4AfcOvjLd1kRYBcLLb2Rn+it7awbu67mgk1xAQ a88tgC2wxIr2/0= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:from:to:cc:subject:date:message-id:references :in-reply-to:content-type:content-transfer-encoding :mime-version; s=default; bh=tjqMhVQtiXeLxRg154anP24vFc8=; b=JIr k1hoqkZBquI/wZ03gbEEiYRMxyFD9pxFV4nR4tv6dGZEoYt1k5KeLCGy2RIeHJi4 3L8APo8z1HBj2r1R5mcPxOmcoGh5gWIARUjw+RVeCEKdKBm1zAuh77uynKvUR32x 2TuIA4ob+JCXRBLjVcJyDwRx94GppY0SOdCiIavY= Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Delivered-To: mailing list cygwin@cygwin.com Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=0.9 required=5.0 tests=AWL,BAYES_00,KAM_COUK,RCVD_IN_DNSWL_LOW autolearn=no version=3.3.2 X-Spam-User: qpsmtpd, 2 recipients X-HELO: smtp.demon.co.uk From: Roger Orr To: Corinna Vinschen CC: "cygwin@cygwin.com" Subject: RE: slow startup after upgrade Date: Wed, 18 Feb 2015 11:26:53 +0000 Message-ID: <7011F01FD056AE4083D6B2DBB3F2DAFF280C9A5E@EXMBX16.thus.corp> References: <20150216210132.GM8493@calimero.vinschen.de> <7C9A9F7AB74D423499279676D7FA905A@Tamar> <20150217213255.GC4340@calimero.vinschen.de>,<20150218111802.GM8493@calimero.vinschen.de> In-Reply-To: <20150218111802.GM8493@calimero.vinschen.de> Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 X-MDF-HostID: 21 Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by delorie.com id t1IBRaYe023110 Hello Corinna, I've just been trying out both the 2015-02-18 10:30:19/44 UTC and 2015-02-17 21:27:23/48 UTC patches. Both are now down to the same timings as with a 'files' entry in /etc/nsswitch.cfg, (and there's no detectable speed difference between them.) The scope restriction in the second query to \System reduces the query time to 1.1 - 1.3 ms (was 4 seconds) and also it no longer opens 14 TCP/IP sessions to various ldap servers around the planet (!) I note that mkpasswd and mkgroup do still open many sessions to the ldap servers, but that may be inevitable. It's not an issue directly, of course, since I'll no longer need to make use of these, but it perhaps might indicate another place where the ldap queries are sub-optimal. Thanks for your rapid response on this issue! Regards, Roger. ________________________________________ From: Corinna Vinschen [corinna-cygwin@cygwin.com] Sent: 18 February 2015 11:18 To: cygwin@cygwin.com Cc: Roger Orr Subject: Re: slow startup after upgrade Hi Roger, On Feb 17 22:32, Corinna Vinschen wrote: > On Feb 17 19:13, Roger Orr wrote: > > According to nltest /dclist: > > Our environment has 6 London based DCs > > > > According to ldp.exe Live Enterprise Tree we have a tree structure for LDAP. > > > > 6 leaf nodes at the top matching ther 6 DCs > > 4 leaf nodes under an "AUS" (Australia) node > > 3 leaf nodes under a "CHI" (Chicago) node > > and a few more similar to this in other regions. > > > > When running mkpasswd I see active sessions to all the nodes in the tree on > > port 389 (ldap) > > > > I have tried using Sysinternals ADInsight (with a 32bit cygwin) to see what > > requests are made with 'echo.exe' > > > > There are two searches shown: > > > > A) RootDSE:LDAP_SCOPE_BASE:(objectclass=*) (1.113ms) > > B) :LDAP_SCOPE_SUBTREE:((objectClass=trustedDomain) AND > > (name=)) (4.426s) > > > > I don't know why the second query is being made with the Australian DNS name > > but I suspect this is the problem. > > Thanks for doing that! It's really cool to get this info since it seems > to point to the culprit. > > It's not the problem that the Australian DNS is mentioned here. This is > perfectly valid. The LDAP query is going to the London DNS DC > (apparently, I hope that's right in your case) and the query is for > information on a trusted domain. It looks like you have a group from > the australian domain in your user token. To compute the gid of the > group, cygwin asks *your* DC for a value called "posixOffset" for *that* > trusted domain. > > The bottom line is, this is not going to Australia, because all DCs have > this info for their trusted domains in their own DB so it's a planly > local query. > > However, that mean this local LDAP query is *extremly* slow. I changed > the query now to limit the scope of the database search. This should speed > up the request a lot. > [...etc...] I just release a new test release, 1.7.35-0.3, see https://cygwin.com/ml/cygwin-announce/2015-02/msg00133.html This should speed up the search for the trustedDomain info a lot. Can you please give it a try and perform your fantastic timing test as above? Thanks in advance, Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Maintainer cygwin AT cygwin DOT com Red Hat -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple