[prev in list] [next in list] [prev in thread] [next in thread]
List: webmin-l
Subject: Re: [webmin-l] LDAP Users and Groups module performance
From: Murray Trainer <mtrainer () central-data ! net>
Date: 2008-02-12 5:52:01
Message-ID: 1202795521.21649.13.camel () localhost
[Download RAW message or body]
Great, I will upgrade to 1.400 as soon as I can.
Thanks
Murray
> This is implemented in 1.400 release of Webmin, which is now
> available.
>
> - Jamie
>
> On 11/Feb/2008 20:16 Murray Trainer wrote ..
> > Hi Jamie,
> >
> > Let me know when you have this suggested fix ready to test.
> >
> > Thanks
> >
> > Murray
> >
> > > It's not real locking - it will just be a flag file that
> > > one Webmin process sets so that other Webmin processes
> > > don't write at the same time. Other processing accessing
> > > or writing to the LDAP DB will be un-effected.
> > >
> > > - Jamie
> > >
> > > On 03/Feb/2008 22:45 Murray Trainer wrote ..
> > > > At what level would the LDAP database be locked? We have other things
> > > > that might break if no updates were allowed on the LDAP database at all
> > > > for very long.
> > > >
> > > > Murray
> > > >
> > > >
> > > > > I also just thought of another alternative - use Webmin's locking capabilities
> > > > to lock the LDAP database before creating a user. This won't work if you have
> > other
> > > > programs also adding users though ..
> > > > >
> > > > > - Jamie
> > > > >
> > > > > On 03/Feb/2008 17:58 Murray Trainer wrote ..
> > > > > > One fix would be to have another check if the uid is still free just
> > > > > > before the Linux account is created in case the uid has been taken
> > > > > > between the time the create user form was loaded and the time it was
> > > > > > submitted.
> > > > > >
> > > > > > Murray
> > > > > >
> > > > > > > I guess I can see how that could happen. Webmin checks if a UID
> > > > > > > is free, then adds the new user. If two were created at just the
> > > > > > > same time, both processes would detect the same UID as free, then
> > > > > > > both make use of it!
> > > > > > >
> > > > > > > - Jamie
> > > > > > >
> > > > > > > On 03/Feb/2008 17:19 Murray Trainer wrote ..
> > > > > > > > Hi Jamie,
> > > > > > > >
> > > > > > > > I am using Webmin 1.380 and I believe it is correctly configured to
> > stop
> > > > > > > > duplicate users. Somehow we still got a duplicate uid. The two
> > > > > > > > accounts were created about 25 seconds apart. The first one was
> > > > > > > > probably still being created when the creation of the second one
> > > > > > > > started.
> > > > > > > >
> > > > > > > > Murray
> > > > > > > >
> > > > > > > >
> > > > > > > > > Yes, you should upgrade .. I haven't tested this module with 1.350,
> > > > > > > > > only 1.380.
> > > > > > > > >
> > > > > > > > > - Jamie
> > > > > > > > >
> > > > > > > > > On 12/Dec/2007 19:09 Murray Trainer wrote ..
> > > > > > > > > > Hi Jamie,
> > > > > > > > > >
> > > > > > > > > > We are running Webmin 1.350 in production. I have applied the
> > modified
> > > > > > > > > > LDAP Users module you sent and unchecked the "More than one user
> > can
> > > > > > > > > > have the same UID" option but we are still getting duplicate ID's.
> > > > > > > > > > Would upgrading the rest of webmin to 1.380 fix this?
> > > > > > > > > >
> > > > > > > > > > Thanks
> > > > > > > > > >
> > > > > > > > > > Murray
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > > > You need to go to Webmin Users, click on your login, click on
> > LDAP
> > > > Users
> > > > > > > > and
> > > > > > > > > > Groups.
> > > > > > > > > > > On the page that comes up is an option to prevent duplicate UIDs
> > > > and
> > > > > > GIDs.
> > > > > > > > > > >
> > > > > > > > > > > - Jamie
> > > > > > > > > > >
> > > > > > > > > > > On 10/Dec/2007 18:12 Murray Trainer wrote ..
> > > > > > > > > > > >
> > > > > > > > > > > > Hi Jamie,
> > > > > > > > > > > >
> > > > > > > > > > > > I installed Webmin 1.380 and installed the LDAP users and groups
> > > > module
> > > > > > > > you
> > > > > > > > > > e-mailed.
> > > > > > > > > > > > I can't find where to turn on the Duplicate ID restriction
> > - is
> > > > it
> > > > > > in the
> > > > > > > > useradmin
> > > > > > > > > > > > module? I couldn't see it in the Webmin Users module either.
> > > > > > > > > > > >
> > > > > > > > > > > > Thanks
> > > > > > > > > > > >
> > > > > > > > > > > > Murray
> > > > > > > > > > > >
> > > > > > > > > > > > ----- Original Message -----
> > > > > > > > > > > > From: "Jamie Cameron" <jcameron@webmin.com>
> > > > > > > > > > > > To: "Murray Trainer" <mtrainer@gopc.net>
> > > > > > > > > > > > Sent: 11 December 2007 02:37:46 o'clock (GMT+0800) Australia/Perth
> > > > > > > > > > > > Subject: Re: [webmin-l] LDAP Users and Groups module performance
> > > > > > > > > > > >
> > > > > > > > > > > > Sure .. attached is a module update with a fix. You need to
> > turn
> > > > on
> > > > > > the
> > > > > > > > duplicate
> > > > > > > > > > > > UID
> > > > > > > > > > > > restriction in the Webmin Users module though.
> > > > > > > > > > > >
> > > > > > > > > > > > - Jamie
> > > > > > > > > > > >
> > > > > > > > > > > > On 10/Dec/2007 04:29 Murray Trainer wrote ..
> > > > > > > > > > > > > Hi Jamie,
> > > > > > > > > > > > >
> > > > > > > > > > > > > The duplicate uid's is a pretty urgent issue for us at the
> > moment
> > > > > > as
> > > > > > > > it stops
> > > > > > > > > > > > subsequent
> > > > > > > > > > > > > users from logging in. If you could send me something that
> > fixes
> > > > > > the
> > > > > > > > uid
> > > > > > > > > > issue
> > > > > > > > > > > > > soon it would really be appreciated.
> > > > > > > > > > > > >
> > > > > > > > > > > > > Thanks
> > > > > > > > > > > > >
> > > > > > > > > > > > > Murray
> > > > > > > > > > > > >
> > > > > > > > > > > > > ----- Original Message -----
> > > > > > > > > > > > > From: "Jamie Cameron" <jcameron@webmin.com>
> > > > > > > > > > > > > To: "Murray Trainer" <mtrainer@central-data.net>
> > > > > > > > > > > > > Sent: Monday, December 10, 2007 3:12:34 PM (GMT+0800) Australia/Perth
> > > > > > > > > > > > > Subject: Re: [webmin-l] LDAP Users and Groups module performance
> > > > > > > > > > > > >
> > > > > > > > > > > > > Thanks, that is actually a missing feature that I think has
> > never
> > > > > > been
> > > > > > > > in
> > > > > > > > > > the
> > > > > > > > > > > > module.
> > > > > > > > > > > > > In the next Webmin release, I will add an access control
> > option
> > > > to
> > > > > > prevent
> > > > > > > > > > the
> > > > > > > > > > > > > use
> > > > > > > > > > > > > of duplicate UIDs and GIDs.
> > > > > > > > > > > > >
> > > > > > > > > > > > > - Jamie
> > > > > > > > > > > > >
> > > > > > > > > > > > > On 09/Dec/2007 18:41 Murray Trainer wrote ..
> > > > > > > > > > > > > > Hi Jamie,
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > We have just found a bug that seems to have slipped in
> > since
> > > > the
> > > > > > change
> > > > > > > > > > below
> > > > > > > > > > > > > was
> > > > > > > > > > > > > > made. We have ended up with some users with duplicate UNIX
> > > > uid's.
> > > > > > > > I tested
> > > > > > > > > > > > Webmin
> > > > > > > > > > > > > > 1.350 and I can create a new user with the same uid of
> > an existing
> > > > > > > > user
> > > > > > > > > > - this
> > > > > > > > > > > > > > used to fail. I have tested 1.380 and that has the same
> > problem.
> > > > > > > > We would
> > > > > > > > > > > > also
> > > > > > > > > > > > > > like it to work if we have multiple simultaneous Webmin
> > users
> > > > adding
> > > > > > > > accounts
> > > > > > > > > > > > > so
> > > > > > > > > > > > > > if by the time the new user is saved the userid is taken,
> > webmin
> > > > > > increments
> > > > > > > > > > > > the
> > > > > > > > > > > > > > uid
> > > > > > > > > > > > > > until a free uid is available.
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > Thanks
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > Murray
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > ----- Original Message -----
> > > > > > > > > > > > > > From: "Jamie Cameron" <jcameron@webmin.com>
> > > > > > > > > > > > > > To: "Murray Trainer" <mtrainer@central-data.net>
> > > > > > > > > > > > > > Sent: 18 July 2007 00:22:19 o'clock (GMT+0800) Australia/Perth
> > > > > > > > > > > > > > Subject: Re: [webmin-l] LDAP Users and Groups module performance
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > On 17/Jul/2007 02:56 Murray Trainer wrote ..
> > > > > > > > > > > > > > > On Mon, 2007-07-16 at 22:39 -0700, Jamie Cameron wrote:
> > > > > > > > > > > > > > > > On 16/Jul/2007 19:20 Murray Trainer wrote ..
> > > > > > > > > > > > > > > > > On Mon, 2007-07-16 at 21:34 -0400, Galen Johnson
> > wrote:
> > > > > > > > > > > > > > > > > > Jamie Cameron wrote:
> > > > > > > > > > > > > > > > > > > On 16/Jul/2007 02:45 Murray Trainer wrote ..
> > > > > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > > > >> On Sun, 2007-03-11 at 23:50 -0700, Jamie Cameron
> > > > wrote:
> > > > > > > > > > > > > > > > > > >>
> > > > > > > > > > > > > > > > > > >>> The current method scans through all users
> > to build
> > > > > > up
> > > > > > > > a map
> > > > > > > > > > > > > > > of used
> > > > > > > > > > > > > > > > > > >>> UIDs, and then picks the next free one above
> > some
> > > > base.
> > > > > > > > I suppose
> > > > > > > > > > > > > > > > > some
> > > > > > > > > > > > > > > > > > >>> algorithm could be created to query IDs using
> > a
> > > > binary
> > > > > > > > search,
> > > > > > > > > > > > > > > but
> > > > > > > > > > > > > > > > > > >>> I'm not sure if that would be any faster..
> > > > > > > > > > > > > > > > > > >>>
> > > > > > > > > > > > > > > > > > >>> - Jamie
> > > > > > > > > > > > > > > > > > >>>
> > > > > > > > > > > > > > > > > > >> Hi Jamie,
> > > > > > > > > > > > > > > > > > >>
> > > > > > > > > > > > > > > > > > >> The time it is taking to add a new user is becoming
> > > > > > a major
> > > > > > > > > > issue
> > > > > > > > > > > > > > > > > for
> > > > > > > > > > > > > > > > > > >> us. Would it be possible to add an option in
> > the
> > > > LDAP
> > > > > > Users
> > > > > > > > > > module
> > > > > > > > > > > > > > > > > to
> > > > > > > > > > > > > > > > > > >> search for the next free UID number ignoring
> > deletions
> > > > > > ie
> > > > > > > > holes
> > > > > > > > > > > > > > > if
> > > > > > > > > > > > > > > > > that
> > > > > > > > > > > > > > > > > > >> would be quicker? Our LDAP database has an
> > index
> > > > on
> > > > > > uidNumber
> > > > > > > > > > > > > > > - it
> > > > > > > > > > > > > > > > > may
> > > > > > > > > > > > > > > > > > >> be quicker to just find the largest UID number
> > then
> > > > > > add
> > > > > > > > one.
> > > > > > > > > > > > > > > > > > >>
> > > > > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > > > > How about this for a solution - the module could
> > > > track
> > > > > > the
> > > > > > > > next
> > > > > > > > > > > > > > > UID
> > > > > > > > > > > > > > > > > itself,
> > > > > > > > > > > > > > > > > > > and always add 1 to it when adding a user. That
> > way
> > > > it
> > > > > > would
> > > > > > > > > > never
> > > > > > > > > > > > > > > > > need to
> > > > > > > > > > > > > > > > > > > scan the list of existing users. The down-side
> > would
> > > > > > be potential
> > > > > > > > > > > > > > > clashes
> > > > > > > > > > > > > > > > > > > if a user is created outside of the module with
> > a
> > > > UID
> > > > > > in
> > > > > > > > the
> > > > > > > > > > range
> > > > > > > > > > > > > > > > > it is
> > > > > > > > > > > > > > > > > > > assigning from.
> > > > > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > > > > If you like this idea, I'll send you a new version
> > > > of
> > > > > > the
> > > > > > > > module
> > > > > > > > > > > > > > > that
> > > > > > > > > > > > > > > > > > > implements it.
> > > > > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > > > > - Jamie
> > > > > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > > > If you do this, it should be simple enough to query
> > > > the
> > > > > > ldap
> > > > > > > > server
> > > > > > > > > > > > > > > to
> > > > > > > > > > > > > > > > > > see if it does exist and go ahead and increment,
> > validate,
> > > > > > > > rinse,
> > > > > > > > > > > > > > > > > > repeat...before it offers the uid for use?
> > > > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > > > =G=
> > > > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > > Thanks, I was going to say something similar. Such
> > a
> > > > solution
> > > > > > > > should
> > > > > > > > > > > > > > > be
> > > > > > > > > > > > > > > > > fast and not too much of a hack. I am very keen
> > to test
> > > > > > such
> > > > > > > > a fix.
> > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > Ok, try out this attached updated module..
> > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > - Jamie
> > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > Thanks. That has got the time down from about 30 secs
> > to
> > > > about
> > > > > > 8
> > > > > > > > secs.
> > > > > > > > > > > > > > > Could you please explain how this new version works as
> > it
> > > > still
> > > > > > appears
> > > > > > > > > > > > > > > to fill holes?
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > This version starts with the base UID (set on the Module
> > Config
> > > > > > page),
> > > > > > > > > > then
> > > > > > > > > > > > > > asks the LDAP server for each UID in sequence if it is
> > used.
> > > > So
> > > > > > if
> > > > > > > > it is
> > > > > > > > > > still
> > > > > > > > > > > > > > slow, you could try moving the base UID to up closer to
> > the
> > > > top
> > > > > > of
> > > > > > > > your
> > > > > > > > > > > > > > allocated range.
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > - Jamie
> > > > > > > > > > > > >
> > > > > > > > > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > -------------------------------------------------------------------------
> > > > > > This SF.net email is sponsored by: Microsoft
> > > > > > Defy all challenges. Microsoft(R) Visual Studio 2008.
> > > > > > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> > > > > > -
> > > > > > Forwarded by the Webmin mailing list at webadmin-list@lists.sourceforge.net
> > > > > > To remove yourself from this list, go to
> > > > > > http://lists.sourceforge.net/lists/listinfo/webadmin-list
> > > > >
> > > > > -------------------------------------------------------------------------
> > > > > This SF.net email is sponsored by: Microsoft
> > > > > Defy all challenges. Microsoft(R) Visual Studio 2008.
> > > > > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> > > > > -
> > > > > Forwarded by the Webmin mailing list at webadmin-list@lists.sourceforge.net
> > > > > To remove yourself from this list, go to
> > > > > http://lists.sourceforge.net/lists/listinfo/webadmin-list
> > > > --
> > > >
> > > >
> > > >
> > > > -------------------------------------------------------------------------
> > > > This SF.net email is sponsored by: Microsoft
> > > > Defy all challenges. Microsoft(R) Visual Studio 2008.
> > > > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> > > > -
> > > > Forwarded by the Webmin mailing list at webadmin-list@lists.sourceforge.net
> > > > To remove yourself from this list, go to
> > > > http://lists.sourceforge.net/lists/listinfo/webadmin-list
> > >
> > > -------------------------------------------------------------------------
> > > This SF.net email is sponsored by: Microsoft
> > > Defy all challenges. Microsoft(R) Visual Studio 2008.
> > > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> > > -
> > > Forwarded by the Webmin mailing list at webadmin-list@lists.sourceforge.net
> > > To remove yourself from this list, go to
> > > http://lists.sourceforge.net/lists/listinfo/webadmin-list
> > --
> >
> >
> >
> > -------------------------------------------------------------------------
> > This SF.net email is sponsored by: Microsoft
> > Defy all challenges. Microsoft(R) Visual Studio 2008.
> > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> > -
> > Forwarded by the Webmin mailing list at webadmin-list@lists.sourceforge.net
> > To remove yourself from this list, go to
> > http://lists.sourceforge.net/lists/listinfo/webadmin-list
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2008.
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> -
> Forwarded by the Webmin mailing list at webadmin-list@lists.sourceforge.net
> To remove yourself from this list, go to
> http://lists.sourceforge.net/lists/listinfo/webadmin-list
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
-
Forwarded by the Webmin mailing list at webadmin-list@lists.sourceforge.net
To remove yourself from this list, go to
http://lists.sourceforge.net/lists/listinfo/webadmin-list
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic