If you have a lot of groups or very large groups, cyrus-imapd login can become
quite slow due to the way cyrus-imapd handles groups. This may become worse
when using nss_ldap or other slow nss backends to resolve groups.

Caching using nscd can increase speed dramatically, but unfortunately not for
all functions cyrus-imapd may use. nscd helps speed up getgrouplist() calls
but not getgrent() calls, which are used by cyrus-imapd < 2.3.10 or if
getgrouplist() is not available.

The groupfile patch implements a quick fix to the problem by using a separate
group.cache file to speed up those operations using getgrent() calls.
Calls to getgrnam() are not touched, which means that the group.cache
file must be kept in sync with the group source you are using with nss
configured in /etc/nsswitch.conf. If group.cache doesn't exist,
the patch has no effect and cyrus-imapd handles groups through getgrouplist()
or getgrent().

Quick HOWTO:
- configure group lookup in /etc/nsswitch.conf if not already done
- configure name service cache in /etc/nscd.conf (not mandatory)
- start nscd with "service nscd start" (not mandatory)
- configure a service which periodically updates the group.cache file using the
  upd_groupcache script. Either set up a cronjob or use an event in the cyrus
  configuration.

Sample /etc/cyrus.conf event to update the group cache every 10 minutes:
EVENTS {
# some events removed here ***
...........................***
# this is only necessary if using group cache feature
groupcache cmd="upd_groupcache" period=10
}
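
Because group.cache must be kept in sync with the nss group source, a membership revoked upstream stays in effect for cyrus-imapd until the cache is regenerated. The following drift check is an added example, not part of the groupfile patch or the upd_groupcache script; it assumes group.cache uses the group(5) line format, and the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the groupfile patch.
# Assumption: group.cache is in group(5) format: name:passwd:gid:member,member

# Print sorted "group member" pairs from a group(5)-format file.
memberships() {
    awk -F: 'NF >= 4 && $1 !~ /^#/ {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] != "") print $1, m[i]
    }' "$1" | LC_ALL=C sort -u
}

# groupcache_drift CACHE LIVE
#   STALE   = membership only in the cache (revoked upstream, still honoured)
#   MISSING = membership only in the live data (granted upstream, not yet seen)
# Returns 0 when in sync, 1 on drift, 2 if a file cannot be read.
groupcache_drift() {
    cache=$1 live=$2
    [ -r "$cache" ] && [ -r "$live" ] || return 2
    tmp=$(mktemp -d) || return 2
    memberships "$cache" > "$tmp/cache"
    memberships "$live" > "$tmp/live"
    out=$(
        LC_ALL=C comm -23 "$tmp/cache" "$tmp/live" | sed 's/^/STALE /'
        LC_ALL=C comm -13 "$tmp/cache" "$tmp/live" | sed 's/^/MISSING /'
    )
    rm -rf "$tmp"
    if [ -z "$out" ]; then return 0; fi
    printf '%s\n' "$out"
    return 1
}

# Constructed sample: upstream, bob was removed from "sales" and carol added,
# but group.cache has not been regenerated yet.
demo() {
    d=$(mktemp -d) || return 2
    printf 'sales:x:2001:alice,bob\nsupport:x:2002:dave\n' > "$d/group.cache"
    printf 'sales:x:2001:alice,carol\nsupport:x:2002:dave\n' > "$d/live"
    groupcache_drift "$d/group.cache" "$d/live" && rc=0 || rc=$?
    rm -rf "$d"
    return "$rc"
}
```

On a live system, save the output of "getent group" to a temporary file and pass it as LIVE together with the group.cache path of your installation. STALE lines are the ones to watch, since they are memberships cyrus-imapd may still act on after they were removed from the group source.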