由于SECD因LDAP请求而过载、应用程序加载用户配置文件所用时间比预期长

适用场景

问题描述

• 应用程序加载用户配置文件所需时间超过15分钟。
• SECD日志显示所有LDAP调用均已覆盖此secd： 

   2025-01-21 05:12:17 - 06:12:17+00:00 svm_741408d0a698492b99f7392a1197a195_93324047:LDAP (NIS & Name Mapping):GetUserInfoFromName:LDAP(Can't contact LDAP server):10.xx.xx.xx Can't contact LDAP server GetUserInfoFromName 1 2025-01-21 05:12:17 - 06:12:17+00:00 svm_741408d0a698492b99f7392a1197a195_93324047:LDAP (NIS & Name Mapping):GetUserInfoFromName:LDAP(Can't contact LDAP server):10.xx.xx.xx Can't contact LDAP server GetUserInfoFromName 5 2025-01-21 05:12:17 - 06:12:17+00:00 svm_741408d0a698492b99f7392a1197a195_93324047:LDAP (NIS & Name Mapping):GetUserInfoFromName:LDAP(No such object):10.xx.xx.xx No such object GetUserInfoFromName 8386 2025-01-21 05:12:17 - 06:12:17+00:00 svm_741408d0a698492b99f7392a1197a195_93324047:LDAP (NIS & Name Mapping):GetUserInfoFromName:LDAP(No such object):10.xx.xx.xx No such object GetUserInfoFromName 6541 2025-01-21 05:12:17 - 06:12:17+00:00 svm_741408d0a698492b99f7392a1197a195_93324047:LDAP (NIS & Name Mapping):GetUserInfoFromName:LDAP(No such object):10.xx.xx.xx No such object GetUserInfoFromName 4181 2025-01-21 05:12:17 - 06:12:17+00:00 svm_741408d0a698492b99f7392a1197a195_93324047:LDAP (NIS & Name Mapping):GetUserInfoFromName:LDAP(No such object):10.xx.xx.xx No such object GetUserInfoFromName 10237 2025-01-21 05:12:17 - 06:12:17+00:00 svm_741408d0a698492b99f7392a1197a195_93324047:LDAP (NIS & Name Mapping):GetUserInfoFromName:LDAP(No such object):10.xx.xx.xx No such object GetUserInfoFromName 24544 2025-01-21 05:12:17 

• 对于不在名称映射缓存中的用户、必须从LDAP中检查名称映射、并且由于LDAP没有响应、这些用户将映射到默认pcuser。
  
  Tue Jan 21 2025 10:15:18 +00:00 [kern_secd:info:11817] | [003.520.659]  ERR  :  RESULT_ERROR_SECD_USER_NOT_FOUND:6909 in getUserInfoViaLibC() at src/utils/secd_ns_utils.cpp:465
Tue Jan 21 2025 10:15:18 +00:00 [kern_secd:info:11817] | [003.520.688]  info :  Trying to map user to the default UNIX name 'pcuser' { in mapNameWindowsToUnix() at src/name_mapping/secd_name_mapping.cpp:1415 }
Tue Jan 21 2025 10:15:18 +00:00 [kern_secd:info:11817] | [003.520.691]  debug:  Get UserId and Group Id for UserName = pii_encrypt/hXMW1gVZt1t1P9wtY0AfVEId88G4vrNgDKEAj7+P1SY=/pii_encrypt   { in getIdsFromUserNameViaLibc() at src/authorization/secd_unix_authorization.cpp:137 }
Tue Jan 21 2025 10:15:18 +00:00 [kern_secd:info:11817] | [003.520.697]  debug:  Calling nswrapper::getpwnam_r(), user name = pcuser  { in getUserInfoViaLibC() at src/utils/secd_ns_utils.cpp:419 }
Tue Jan 21 2025 10:15:18 +00:00 [kern_secd:info:11817] | [003.520.957]  info :  Unix User Name found in Name Service Cache { in getUserInfoViaLibC() at src/utils/secd_ns_utils.cpp:421 }
Tue Jan 21 2025 10:15:18 +00:00 [kern_secd:info:11817] | [003.520.963]  debug:  nswrapper::getpwnam_r() returned UserId = 65534, Gid = 65534, UserName = pii_encrypt/hXMW1gVZt1t1P9wtY0AfVEId88G4vrNgDKEAj7+P1SY=/pii_encrypt  { in getUserInfoViaLibC() at src/utils/secd_ns_utils.cpp:470 }
Tue Jan 21 2025 10:15:18 +00:00 [kern_secd:info:11817] | [003.520.969]  debug:  _getUserPasswdInfo returned uid = 65534, gid = 65534, UserName = pii_encrypt/hXMW1gVZt1t1P9wtY0AfVEId88G4vrNgDKEAj7+P1SY=/pii_encrypt  { in _getUserInfo() at src/authorization/secd_unix_authorization.cpp:932 }
Tue Jan 21 2025 10:15:18 +00:00 [kern_secd:info:11817] | [003.520.974]  info :  Mapped 'DOMAIN\USER1' to default UNIX user 'pii_encrypt/hXMW1gVZt1t1P9wtY0AfVEId88G4vrNgDKEAj7+P1SY=/pii_encrypt' { in mapNameWindowsToUnix() at src/name_mapping/secd_name_mapping.cpp:1421 }
Tue Jan 21 2025 10:15:18 +00:00 [kern_secd:info:11817] | [003.520.982]  info :  Windows user 'OMAIN\USER1' mapped to UNIX user 'pii_encrypt/hXMW1gVZt1t1P9wtY0AfVEId88G4vrNgDKEAj7+P1SY=/pii_encrypt' { in secdGetUnixCredsForWindowsUser() at src/authentication/secd_rpc_auth.cpp:1143 }
Tue Jan 21 2025 10:15:18 +00:00 [kern_secd:info:11817] | [003.520.985]  debug:  Get creds for UserName = pii_encrypt/hXMW1gVZt1t1P9wtY0AfVEId88G4vrNgDKEAj7+P1SY=/pii_encrypt   { in getCredsFromUserNameViaLibc() at src/authorization/secd_unix_authorization.cpp:87 }
Tue Jan 21 2025 10:15:18 +00:00 [kern_secd:info:11817] | [003.521.234]  debug:  Mcached lookup return values for user, group and group membership are 0, 4, 0  { in _getUserInfo() at src/authorization/secd_unix_authorization.cpp:896 }
Tue Jan 21 2025 10:15:18 +00:00 [kern_secd:info:11817] | [003.521.237]  debug:  All the details found in cache  { in _getUserInfo() at src/authorization/secd_unix_authorization.cpp:899 }
Tue Jan 21 2025 10:15:18 +00:00 [kern_secd:info:11817] | [003.521.240]  debug:  Not adding group = 65534 to additional Gids  { in populateAdditonalGids() at src/authorization/secd_unix_authorization.cpp:677 }
Tue Jan 21 2025 10:15:18 +00:00 [kern_secd:info:11817] | [003.521.245]  info :  Retrieved UNIX credentials for UNIX user 'pii_encrypt/hXMW1gVZt1t1P9wtY0AfVEId88G4vrNgDKEAj7+P1SY=/pii_encrypt'. Found UID 65534 { in secdGetUnixCredsForUnixUser() at src/authentication/secd_rpc_auth.cpp:1101 }
Tue Jan 21 2025 10:15:18 +00:00 [kern_secd:info:11817] | [003.521.256]  debug:  SecD RPC Server sending reply to RPC 151: secd_rpc_auth_extended  { in secdSendRpcResponse() at src/server/secd_rpc_server.cpp:2273 }
Tue Jan 21 2025 10:15:18 +00:00 [kern_secd:info:11817] 
• 托管用户配置文件的卷位于节点06上、我们发现SECD正在因请求而过载。