Hi Roger, On Feb 17 22:32, Corinna Vinschen wrote: > On Feb 17 19:13, Roger Orr wrote: > > According to nltest /dclist: > > Our environment has 6 London based DCs > > > > According to ldp.exe Live Enterprise Tree we have a tree structure for LDAP. > > > > 6 leaf nodes at the top matching ther 6 DCs > > 4 leaf nodes under an "AUS" (Australia) node > > 3 leaf nodes under a "CHI" (Chicago) node > > and a few more similar to this in other regions. > > > > When running mkpasswd I see active sessions to all the nodes in the tree on > > port 389 (ldap) > > > > I have tried using Sysinternals ADInsight (with a 32bit cygwin) to see what > > requests are made with 'echo.exe' > > > > There are two searches shown: > > > > A) RootDSE:LDAP_SCOPE_BASE:(objectclass=*) (1.113ms) > > B) <London DNS>:LDAP_SCOPE_SUBTREE:((objectClass=trustedDomain) AND > > (name=<Australian DNS>)) (4.426s) > > > > I don't know why the second query is being made with the Australian DNS name > > but I suspect this is the problem. > > Thanks for doing that! It's really cool to get this info since it seems > to point to the culprit. > > It's not the problem that the Australian DNS is mentioned here. This is > perfectly valid. The LDAP query is going to the London DNS DC > (apparently, I hope that's right in your case) and the query is for > information on a trusted domain. It looks like you have a group from > the australian domain in your user token. To compute the gid of the > group, cygwin asks *your* DC for a value called "posixOffset" for *that* > trusted domain. > > The bottom line is, this is not going to Australia, because all DCs have > this info for their trusted domains in their own DB so it's a planly > local query. > > However, that mean this local LDAP query is *extremly* slow. I changed > the query now to limit the scope of the database search. This should speed > up the request a lot. > [...etc...]
I just release a new test release, 1.7.35-0.3, see https://cygwin.com/ml/cygwin-announce/2015-02/msg00133.html This should speed up the search for the trustedDomain info a lot. Can you please give it a try and perform your fantastic timing test as above? Thanks in advance, Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Maintainer cygwin AT cygwin DOT com Red Hat
pgpZIx1uZrKCV.pgp
Description: PGP signature
