diff -up nss_ldap-253/ldap-nss.c.original nss_ldap-253/ldap-nss.c
--- nss_ldap-253/ldap-nss.c.original 2010-10-04 10:53:00.000000000 +0900
+++ nss_ldap-253/ldap-nss.c 2010-10-04 10:54:47.000000000 +0900
@@ -1293,7 +1293,7 @@ do_init (void)
 cfg = __config;
- _nss_ldap_init_attributes (cfg->ldc_attrtab);
+ _nss_ldap_init_attributes (cfg->ldc_attrtab, cfg->ldc_getgrent_skipmembers);
 _nss_ldap_init_filters ();
 #ifdef HAVE_LDAP_SET_OPTION
diff -up nss_ldap-253/ldap-nss.h.original nss_ldap-253/ldap-nss.h
--- nss_ldap-253/ldap-nss.h.original 2010-10-04 10:55:00.000000000 +0900
+++ nss_ldap-253/ldap-nss.h 2010-10-04 10:55:34.000000000 +0900
@@ -390,6 +390,7 @@ struct ldap_config
 time_t ldc_mtime;
 char **ldc_initgroups_ignoreusers;
+ int ldc_getgrent_skipmembers;
 };
 typedef struct ldap_config ldap_config_t;
diff -up nss_ldap-253/ldap-schema.c.original nss_ldap-253/ldap-schema.c
--- nss_ldap-253/ldap-schema.c.original 2010-10-04 10:55:55.000000000 +0900
+++ nss_ldap-253/ldap-schema.c 2010-10-04 10:59:11.000000000 +0900
@@ -273,7 +273,7 @@ _nss_ldap_init_filters ()
 static void init_pwd_attributes (const char ***pwd_attrs);
 static void init_sp_attributes (const char ***sp_attrs);
-static void init_grp_attributes (const char ***grp_attrs);
+static void init_grp_attributes (const char ***grp_attrs, int ldc_getgrent_skipmembers);
 static void init_hosts_attributes (const char ***hosts_attrs);
 static void init_services_attributes (const char ***services_attrs);
 static void init_network_attributes (const char ***network_attrs);
@@ -289,11 +289,11 @@ static void init_automount_attributes (c
 * attribute table initialization routines
 */
 void
-_nss_ldap_init_attributes (const char ***attrtab)
+_nss_ldap_init_attributes (const char ***attrtab, int ldc_getgrent_skipmembers)
 {
 init_pwd_attributes (&attrtab[LM_PASSWD]);
 init_sp_attributes (&attrtab[LM_SHADOW]);
- init_grp_attributes (&attrtab[LM_GROUP]);
+ init_grp_attributes (&attrtab[LM_GROUP], ldc_getgrent_skipmembers);
 init_hosts_attributes (&attrtab[LM_HOSTS]);
 init_services_attributes (&attrtab[LM_SERVICES]);
 init_network_attributes (&attrtab[LM_NETWORKS]);
@@ -357,7 +357,7 @@ init_sp_attributes (const char ***sp_att
 }
 static void
-init_grp_attributes (const char ***grp_attrs)
+init_grp_attributes (const char ***grp_attrs, int ldc_getgrent_skipmembers)
 {
 int i = 0;
 static const char *__grp_attrs[ATTRTAB_SIZE + 1];
@@ -366,9 +366,12 @@ init_grp_attributes (const char ***grp_a
 (*grp_attrs)[i++] = (char *) ATM (LM_GROUP, cn);
 (*grp_attrs)[i++] = (char *) ATM (LM_GROUP, userPassword);
- (*grp_attrs)[i++] = (char *) AT (memberUid);
- if (_nss_ldap_test_config_flag (NSS_LDAP_FLAGS_RFC2307BIS))
- (*grp_attrs)[i++] = (char *) AT (uniqueMember);
+ if (!ldc_getgrent_skipmembers)
+ {
+ (*grp_attrs)[i++] = (char *) AT (memberUid);
+ if (_nss_ldap_test_config_flag (NSS_LDAP_FLAGS_RFC2307BIS))
+ (*grp_attrs)[i++] = (char *) AT (uniqueMember);
+ }
 (*grp_attrs)[i++] = (char *) ATM (LM_GROUP, gidNumber);
 (*grp_attrs)[i] = NULL;
 }
diff -up nss_ldap-253/ldap-schema.h.original nss_ldap-253/ldap-schema.h
--- nss_ldap-253/ldap-schema.h.original 2010-10-04 10:59:20.000000000 +0900
+++ nss_ldap-253/ldap-schema.h 2010-10-04 10:59:49.000000000 +0900
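Review bot: In the last ldap-schema.c hunk (init_grp_attributes, at -366), the new `if (!ldc_getgrent_skipmembers)` removes `memberUid` and `uniqueMember` from the LM_GROUP attribute list itself, so the effect is probably not limited to getgrent(): any group lookup that requests attributes from this table (getgrnam, getgrgid) would presumably also come back with an empty member list. Anything on the host that decides access by reading gr_mem would then see no members, so the branch deserves a comment, e.g. `/* skipmembers: member attributes are not requested, so gr_mem is empty for every lookup that uses this table */`. How the group entry parser treats a result with no member attribute is outside this hunk and worth confirming. The parameter also carries the struct-field prefix `ldc_`; a plain `skipmembers` would read better in the signatures of `_nss_ldap_init_attributes` and `init_grp_attributes`.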
@@ -30,7 +30,7 @@ * function to initialize global lookup filters. */ void _nss_ldap_init_filters (); -void _nss_ldap_init_attributes (const char ***attrtab); +void _nss_ldap_init_attributes (const char ***attrtab, int ldc_getgrent_skipmembers); /** * make filters formerly declared in ldap-*.h globally available. diff -up nss_ldap-253/nss_ldap.5.original nss_ldap-253/nss_ldap.5 --- nss_ldap-253/nss_ldap.5.original 2010-10-04 11:00:25.000000000 +0900 +++ nss_ldap-253/nss_ldap.5 2010-10-04 11:06:44.000000000 +0900 @@ -451,6 +451,14 @@ This option directs the module to check that results it retrieves from the server exactly match the name for which it searched for data. .TP +.B nss_getgrent_skipmembers <yes|no> +Specifies whether or not to populate the members list in +the group structure for group lookups. If very large groups +are present, enabling this option will greatly increase +perforance, at the cost of some lost functionality. You should +verify no local applications rely on this information before +enabling this on a production system. +.TP .B nss_srv_domain <domain> This option determines the DNS domain used for performing SRV lookups. diff -up nss_ldap-253/util.c.original nss_ldap-253/util.c --- nss_ldap-253/util.c.original 2010-10-04 11:07:02.000000000 +0900 +++ nss_ldap-253/util.c 2010-10-04 11:12:27.000000000 +0900 @@ -660,6 +660,7 @@ NSS_STATUS _nss_ldap_init_config (ldap_c result->ldc_reconnect_maxsleeptime = LDAP_NSS_MAXSLEEPTIME; result->ldc_reconnect_maxconntries = LDAP_NSS_MAXCONNTRIES; result->ldc_initgroups_ignoreusers = NULL; + result->ldc_getgrent_skipmembers = 0; for (i = 0; i <= LM_NONE; i++) { 
@@ -1137,6 +1138,19 @@ _nss_ldap_readconfig (ldap_config_t ** p
 break;
 }
 }
+ else if (!strcasecmp (k, NSS_LDAP_KEY_GETGRENT_SKIPMEMBERS))
+ {
+ if (!strcasecmp (v, "on") || !strcasecmp (v, "yes")
+ || !strcasecmp (v, "true"))
+ {
+ result->ldc_getgrent_skipmembers = 1;
+ }
+ else if (!strcasecmp (v, "off") || !strcasecmp (v, "no")
+ || !strcasecmp (v, "false"))
+ {
+ result->ldc_getgrent_skipmembers = 0;
+ }
+ }
 else if (!strcasecmp (k, NSS_LDAP_KEY_CONNECT_POLICY))
 {
 if (!strcasecmp (v, "oneshot"))
diff -up nss_ldap-253/util.h.original nss_ldap-253/util.h
--- nss_ldap-253/util.h.original 2010-10-04 11:12:34.000000000 +0900
+++ nss_ldap-253/util.h 2010-10-04 11:12:59.000000000 +0900
@@ -83,6 +83,7 @@ NSS_STATUS _nss_ldap_dn2uid (const char
 #define NSS_LDAP_KEY_PAGESIZE "pagesize"
 #define NSS_LDAP_KEY_INITGROUPS "nss_initgroups"
 #define NSS_LDAP_KEY_INITGROUPS_IGNOREUSERS "nss_initgroups_ignoreusers"
+#define NSS_LDAP_KEY_GETGRENT_SKIPMEMBERS "nss_getgrent_skipmembers"
 /* more reconnect policy fine-tuning */
 #define NSS_LDAP_KEY_RECONNECT_TRIES "nss_reconnect_tries"
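Review bot: In the `_nss_ldap_readconfig` hunk of util.c, a value that is none of on/yes/true/off/no/false matches neither branch and is silently ignored, leaving `ldc_getgrent_skipmembers` at its previous value (0 as set in `_nss_ldap_init_config`). That fails toward returning members, which is the safer direction, but a typo in the configuration file goes unnoticed; a comment after the second branch such as `/* unrecognised values keep the current setting (default 0: members are returned) */` would document the behaviour. The nss_ldap.5 hunk advertises only `<yes|no>` while six spellings are accepted here, so the two should be brought into agreement. The enclosing if/else chain starts and ends outside the hunk.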