> -----Original Message----- > From: info-cyrus-bounces@xxxxxxxxxxxxxxxxxxxx [mailto:info-cyrus- > bounces@xxxxxxxxxxxxxxxxxxxx] On Behalf Of Michael Loftis > Sent: Thursday, October 05, 2006 5:37 PM > To: Chaskiel M Grundman; betsys@xxxxxxxxxxxxxxx > Cc: info-cyrus@xxxxxxxxxxxxxxxxxxxx > Subject: Re: Cyrus, Solaris 10, ZFS? (and NIS?) > > > > --On October 5, 2006 4:46:54 PM -0400 Chaskiel M Grundman > <cg2v@xxxxxxxxxxxxxx> wrote: > > > > > > > > mynewstate is taking 8s to run, and very little of the time is taken up > > in local subroutines. > > auth_unix.c:mynewstate calls getpwnam, and then iterates over all the > > groups using getgrent(), > > checking to see what groups the user is in. The fact that imapd does > this > > twice might be a bug, but even if it didn't do it twice, it would still > > be slow. > > > > Is running "getent group" slow? > > We had to patch this out of our Cyrus frontends using LDAP as well because > it iterates instead of retrieves. We just decided not to support groups > in > the ACL's. > > I'd suspect this is exactly whats going on is this code is still there in > latest Cyrus and it's building the ACL representation. If you don't care > about groups you can find, and remove, that code as we did. Cyrus already deals with this deficiency; unix_group_enable: 0 (not really cyrus fault). There is at least one other and more effective way to implement group ACLs especially if you use LDAP via pts. See man imapd.conf (unfortunately not much more documentation than that) -Igor ---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html