Re: cron + ldap = disaster?
Natxo Asenjo wrote:
> Hi,
>
> I have successfully deployed a single sign on solution with openldap, it
> works great. But, there is a little problem with cron. Everytime one of
> the users' or system's crontab changes, cron stops working. The number
> of cron processes skyrockets (within minutes you see it going from 1 to
> hundreds) and the overall response of the server is badly hit.
>
> I have a solution, which works but it is not really convenient. First I
> check the number of cron processes:
>
> # pgrep cron
>
> if that is lower than 3/4 (which could happen if several cron jobs run
> at the same time for different users) I do nothing. Otherwise,
>
> # killall cron
> # /etc/init.d/cron start
> # /etc/init.d/slapd restart
>
> and all is fine until someone changes his/her crontab.
>
> I found in google that red hat had this issue too in 2000, but it is
> fixed a long time ago:
>
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=9405
>
> Unfortunately I am not a coder :(. It would be sad though if people
> would stop using debian in a company environenment because of this poblem.
>
> Ok, that was it.
>
> regards,
> J.I. Asenjo
We use openldap with libnss-ldap and pam-ldap and do not have this
problem with cron jobs, servers are running woody and sarge without
problems. If you are on woody still, check out the openldap and libnss
from backports.org.
Brian
Reply to: