diff -up nss_ldap-253/ldap-nss.c.original nss_ldap-253/ldap-nss.c
--- nss_ldap-253/ldap-nss.c.original 2010-10-04 10:53:00.000000000 +0900
+++ nss_ldap-253/ldap-nss.c 2010-10-04 10:54:47.000000000 +0900
@@ -1293,7 +1293,7 @@ do_init (void)
cfg = __config;
- _nss_ldap_init_attributes (cfg->ldc_attrtab);
+ _nss_ldap_init_attributes (cfg->ldc_attrtab, cfg->ldc_getgrent_skipmembers);
_nss_ldap_init_filters ();
#ifdef HAVE_LDAP_SET_OPTION
diff -up nss_ldap-253/ldap-nss.h.original nss_ldap-253/ldap-nss.h
--- nss_ldap-253/ldap-nss.h.original 2010-10-04 10:55:00.000000000 +0900
+++ nss_ldap-253/ldap-nss.h 2010-10-04 10:55:34.000000000 +0900
@@ -390,6 +390,7 @@ struct ldap_config
time_t ldc_mtime;
char **ldc_initgroups_ignoreusers;
+ int ldc_getgrent_skipmembers;
};
typedef struct ldap_config ldap_config_t;
diff -up nss_ldap-253/ldap-schema.c.original nss_ldap-253/ldap-schema.c
--- nss_ldap-253/ldap-schema.c.original 2010-10-04 10:55:55.000000000 +0900
+++ nss_ldap-253/ldap-schema.c 2010-10-04 10:59:11.000000000 +0900
@@ -273,7 +273,7 @@ _nss_ldap_init_filters ()
static void init_pwd_attributes (const char ***pwd_attrs);
static void init_sp_attributes (const char ***sp_attrs);
-static void init_grp_attributes (const char ***grp_attrs);
+static void init_grp_attributes (const char ***grp_attrs, int ldc_getgrent_skipmembers);
static void init_hosts_attributes (const char ***hosts_attrs);
static void init_services_attributes (const char ***services_attrs);
static void init_network_attributes (const char ***network_attrs);
@@ -289,11 +289,11 @@ static void init_automount_attributes (c
* attribute table initialization routines
*/
void
-_nss_ldap_init_attributes (const char ***attrtab)
+_nss_ldap_init_attributes (const char ***attrtab, int ldc_getgrent_skipmembers)
{
init_pwd_attributes (&attrtab[LM_PASSWD]);
init_sp_attributes (&attrtab[LM_SHADOW]);
- init_grp_attributes (&attrtab[LM_GROUP]);
+ init_grp_attributes (&attrtab[LM_GROUP], ldc_getgrent_skipmembers);
init_hosts_attributes (&attrtab[LM_HOSTS]);
init_services_attributes (&attrtab[LM_SERVICES]);
init_network_attributes (&attrtab[LM_NETWORKS]);
@@ -357,7 +357,7 @@ init_sp_attributes (const char ***sp_att
}
static void
-init_grp_attributes (const char ***grp_attrs)
+init_grp_attributes (const char ***grp_attrs, int ldc_getgrent_skipmembers)
{
int i = 0;
static const char *__grp_attrs[ATTRTAB_SIZE + 1];
@@ -366,9 +366,12 @@ init_grp_attributes (const char ***grp_a
(*grp_attrs)[i++] = (char *) ATM (LM_GROUP, cn);
(*grp_attrs)[i++] = (char *) ATM (LM_GROUP, userPassword);
- (*grp_attrs)[i++] = (char *) AT (memberUid);
- if (_nss_ldap_test_config_flag (NSS_LDAP_FLAGS_RFC2307BIS))
- (*grp_attrs)[i++] = (char *) AT (uniqueMember);
+ if (!ldc_getgrent_skipmembers)
+ {
+ (*grp_attrs)[i++] = (char *) AT (memberUid);
+ if (_nss_ldap_test_config_flag (NSS_LDAP_FLAGS_RFC2307BIS))
+ (*grp_attrs)[i++] = (char *) AT (uniqueMember);
+ }
(*grp_attrs)[i++] = (char *) ATM (LM_GROUP, gidNumber);
(*grp_attrs)[i] = NULL;
}
diff -up nss_ldap-253/ldap-schema.h.original nss_ldap-253/ldap-schema.h
--- nss_ldap-253/ldap-schema.h.original 2010-10-04 10:59:20.000000000 +0900
+++ nss_ldap-253/ldap-schema.h 2010-10-04 10:59:49.000000000 +0900
@@ -30,7 +30,7 @@
* function to initialize global lookup filters.
*/
void _nss_ldap_init_filters ();
-void _nss_ldap_init_attributes (const char ***attrtab);
+void _nss_ldap_init_attributes (const char ***attrtab, int ldc_getgrent_skipmembers);
/**
* make filters formerly declared in ldap-*.h globally available.
diff -up nss_ldap-253/nss_ldap.5.original nss_ldap-253/nss_ldap.5
--- nss_ldap-253/nss_ldap.5.original 2010-10-04 11:00:25.000000000 +0900
+++ nss_ldap-253/nss_ldap.5 2010-10-04 11:06:44.000000000 +0900
@@ -451,6 +451,14 @@ This option directs the
module to check that results it retrieves from the server exactly match the
name for which it searched for data.
.TP
+.B nss_getgrent_skipmembers <yes|no>
+Specifies whether or not to populate the members list in
+the group structure for group lookups. If very large groups
+are present, enabling this option will greatly increase
+perforance, at the cost of some lost functionality. You should
+verify no local applications rely on this information before
+enabling this on a production system.
+.TP
.B nss_srv_domain <domain>
This option determines the DNS domain used for performing SRV
lookups.
diff -up nss_ldap-253/util.c.original nss_ldap-253/util.c
--- nss_ldap-253/util.c.original 2010-10-04 11:07:02.000000000 +0900
+++ nss_ldap-253/util.c 2010-10-04 11:12:27.000000000 +0900
@@ -660,6 +660,7 @@ NSS_STATUS _nss_ldap_init_config (ldap_c
result->ldc_reconnect_maxsleeptime = LDAP_NSS_MAXSLEEPTIME;
result->ldc_reconnect_maxconntries = LDAP_NSS_MAXCONNTRIES;
result->ldc_initgroups_ignoreusers = NULL;
+ result->ldc_getgrent_skipmembers = 0;
for (i = 0; i <= LM_NONE; i++)
{
@@ -1137,6 +1138,19 @@ _nss_ldap_readconfig (ldap_config_t ** p
break;
}
}
+ else if (!strcasecmp (k, NSS_LDAP_KEY_GETGRENT_SKIPMEMBERS))
+ {
+ if (!strcasecmp (v, "on") || !strcasecmp (v, "yes")
+ || !strcasecmp (v, "true"))
+ {
+ result->ldc_getgrent_skipmembers = 1;
+ }
+ else if (!strcasecmp (v, "off") || !strcasecmp (v, "no")
+ || !strcasecmp (v, "false"))
+ {
+ result->ldc_getgrent_skipmembers = 0;
+ }
+ }
else if (!strcasecmp (k, NSS_LDAP_KEY_CONNECT_POLICY))
{
if (!strcasecmp (v, "oneshot"))
diff -up nss_ldap-253/util.h.original nss_ldap-253/util.h
--- nss_ldap-253/util.h.original 2010-10-04 11:12:34.000000000 +0900
+++ nss_ldap-253/util.h 2010-10-04 11:12:59.000000000 +0900
@@ -83,6 +83,7 @@ NSS_STATUS _nss_ldap_dn2uid (const char
#define NSS_LDAP_KEY_PAGESIZE "pagesize"
#define NSS_LDAP_KEY_INITGROUPS "nss_initgroups"
#define NSS_LDAP_KEY_INITGROUPS_IGNOREUSERS "nss_initgroups_ignoreusers"
+#define NSS_LDAP_KEY_GETGRENT_SKIPMEMBERS "nss_getgrent_skipmembers"
/* more reconnect policy fine-tuning */
#define NSS_LDAP_KEY_RECONNECT_TRIES "nss_reconnect_tries"
distrib
>
Scientific%20Linux
>
5x
>
x86_64
>
media
>
main-src
>
by-pkgid
>
f2c9a24e570f82c24fd7074143d03478
>
files
>
27
