Application taking longer time than expected to load user profiles due to SECD getting overloaded with LDAP requests
Applies to
- ONTAP 9
- FSXLogix Application
- CIFS
Issue
- Application taking more than 15 minutes to load user profiles.
- SECD logs shows all LDAP calls are overoading the secd:
2025-01-21 05:12:17 - 06:12:17+00:00 svm_741408d0a698492b99f7392a1197a195_93324047:LDAP (NIS & Name Mapping):GetUserInfoFromName:LDAP(Can't contact LDAP server):10.xx.xx.xx Can't contact LDAP server GetUserInfoFromName 1 2025-01-21 05:12:17 - 06:12:17+00:00 svm_741408d0a698492b99f7392a1197a195_93324047:LDAP (NIS & Name Mapping):GetUserInfoFromName:LDAP(Can't contact LDAP server):10.xx.xx.xx Can't contact LDAP server GetUserInfoFromName 5 2025-01-21 05:12:17 - 06:12:17+00:00 svm_741408d0a698492b99f7392a1197a195_93324047:LDAP (NIS & Name Mapping):GetUserInfoFromName:LDAP(No such object):10.xx.xx.xx No such object GetUserInfoFromName 8386 2025-01-21 05:12:17 - 06:12:17+00:00 svm_741408d0a698492b99f7392a1197a195_93324047:LDAP (NIS & Name Mapping):GetUserInfoFromName:LDAP(No such object):10.xx.xx.xx No such object GetUserInfoFromName 6541 2025-01-21 05:12:17 - 06:12:17+00:00 svm_741408d0a698492b99f7392a1197a195_93324047:LDAP (NIS & Name Mapping):GetUserInfoFromName:LDAP(No such object):10.xx.xx.xx No such object GetUserInfoFromName 4181 2025-01-21 05:12:17 - 06:12:17+00:00 svm_741408d0a698492b99f7392a1197a195_93324047:LDAP (NIS & Name Mapping):GetUserInfoFromName:LDAP(No such object):10.xx.xx.xx No such object GetUserInfoFromName 10237 2025-01-21 05:12:17 - 06:12:17+00:00 svm_741408d0a698492b99f7392a1197a195_93324047:LDAP (NIS & Name Mapping):GetUserInfoFromName:LDAP(No such object):10.xx.xx.xx No such object GetUserInfoFromName 24544 2025-01-21 05:12:17 - Users that are not in name-mapping cache, has to be checked from LDAP for name-map and as there is no response from LDAP those users are getting mapped to default pcuser.
Tue Jan 21 2025 10:15:18 +00:00 [kern_secd:info:11817] | [003.520.659] ERR : RESULT_ERROR_SECD_USER_NOT_FOUND:6909 in getUserInfoViaLibC() at src/utils/secd_ns_utils.cpp:465
Tue Jan 21 2025 10:15:18 +00:00 [kern_secd:info:11817] | [003.520.688] info : Trying to map user to the default UNIX name 'pcuser' { in mapNameWindowsToUnix() at src/name_mapping/secd_name_mapping.cpp:1415 }
Tue Jan 21 2025 10:15:18 +00:00 [kern_secd:info:11817] | [003.520.691] debug: Get UserId and Group Id for UserName = pii_encrypt/hXMW1gVZt1t1P9wtY0AfVEId88G4vrNgDKEAj7+P1SY=/pii_encrypt { in getIdsFromUserNameViaLibc() at src/authorization/secd_unix_authorization.cpp:137 }
Tue Jan 21 2025 10:15:18 +00:00 [kern_secd:info:11817] | [003.520.697] debug: Calling nswrapper::getpwnam_r(), user name = pcuser { in getUserInfoViaLibC() at src/utils/secd_ns_utils.cpp:419 }
Tue Jan 21 2025 10:15:18 +00:00 [kern_secd:info:11817] | [003.520.957] info : Unix User Name found in Name Service Cache { in getUserInfoViaLibC() at src/utils/secd_ns_utils.cpp:421 }
Tue Jan 21 2025 10:15:18 +00:00 [kern_secd:info:11817] | [003.520.963] debug: nswrapper::getpwnam_r() returned UserId = 65534, Gid = 65534, UserName = pii_encrypt/hXMW1gVZt1t1P9wtY0AfVEId88G4vrNgDKEAj7+P1SY=/pii_encrypt { in getUserInfoViaLibC() at src/utils/secd_ns_utils.cpp:470 }
Tue Jan 21 2025 10:15:18 +00:00 [kern_secd:info:11817] | [003.520.969] debug: _getUserPasswdInfo returned uid = 65534, gid = 65534, UserName = pii_encrypt/hXMW1gVZt1t1P9wtY0AfVEId88G4vrNgDKEAj7+P1SY=/pii_encrypt { in _getUserInfo() at src/authorization/secd_unix_authorization.cpp:932 }
Tue Jan 21 2025 10:15:18 +00:00 [kern_secd:info:11817] | [003.520.974] info : Mapped 'DOMAIN\USER1' to default UNIX user 'pii_encrypt/hXMW1gVZt1t1P9wtY0AfVEId88G4vrNgDKEAj7+P1SY=/pii_encrypt' { in mapNameWindowsToUnix() at src/name_mapping/secd_name_mapping.cpp:1421 }
Tue Jan 21 2025 10:15:18 +00:00 [kern_secd:info:11817] | [003.520.982] info : Windows user 'OMAIN\USER1' mapped to UNIX user 'pii_encrypt/hXMW1gVZt1t1P9wtY0AfVEId88G4vrNgDKEAj7+P1SY=/pii_encrypt' { in secdGetUnixCredsForWindowsUser() at src/authentication/secd_rpc_auth.cpp:1143 }
Tue Jan 21 2025 10:15:18 +00:00 [kern_secd:info:11817] | [003.520.985] debug: Get creds for UserName = pii_encrypt/hXMW1gVZt1t1P9wtY0AfVEId88G4vrNgDKEAj7+P1SY=/pii_encrypt { in getCredsFromUserNameViaLibc() at src/authorization/secd_unix_authorization.cpp:87 }
Tue Jan 21 2025 10:15:18 +00:00 [kern_secd:info:11817] | [003.521.234] debug: Mcached lookup return values for user, group and group membership are 0, 4, 0 { in _getUserInfo() at src/authorization/secd_unix_authorization.cpp:896 }
Tue Jan 21 2025 10:15:18 +00:00 [kern_secd:info:11817] | [003.521.237] debug: All the details found in cache { in _getUserInfo() at src/authorization/secd_unix_authorization.cpp:899 }
Tue Jan 21 2025 10:15:18 +00:00 [kern_secd:info:11817] | [003.521.240] debug: Not adding group = 65534 to additional Gids { in populateAdditonalGids() at src/authorization/secd_unix_authorization.cpp:677 }
Tue Jan 21 2025 10:15:18 +00:00 [kern_secd:info:11817] | [003.521.245] info : Retrieved UNIX credentials for UNIX user 'pii_encrypt/hXMW1gVZt1t1P9wtY0AfVEId88G4vrNgDKEAj7+P1SY=/pii_encrypt'. Found UID 65534 { in secdGetUnixCredsForUnixUser() at src/authentication/secd_rpc_auth.cpp:1101 }
Tue Jan 21 2025 10:15:18 +00:00 [kern_secd:info:11817] | [003.521.256] debug: SecD RPC Server sending reply to RPC 151: secd_rpc_auth_extended { in secdSendRpcResponse() at src/server/secd_rpc_server.cpp:2273 }
Tue Jan 21 2025 10:15:18 +00:00 [kern_secd:info:11817] - The volume which is hosting the user profiles are present on node 06, where we see that the SECD is getting overloaded with requests.