HP-UX: audisp calls made by NetIQ UNIX Agent can cause excess cpu use in LDAP environments

  • 7007510
  • 22-May-2012
  • 22-May-2012

Environment

  • HP-UX
  • HP-UX LDAP Authentication
  • NetIQ Security Manager
  • NetIQ UNIX Agent

Situation

The NetIQ UNIX Agent runs frequent instances of the auditsp command to record system auditing information. Running auditsp on HP-UX systems using LDAP authentication results in increased load on LDAP servers due to HP-UX remote UID/GUID translation.

Resolution

Install patch PHCO_42672 from Hewlett Packard.

Cause

  • PHCO_42672: (QX:QXCR1001142965)
    Audit display command (audisp) utilizes more CPU since it contacts LDAP server for every new user record to display, and had a poor search logic that was resulting in a cumbersome extensive search in larger LDAP implementations.

    This problem is fixed by constructing a table with the required user information, and use them instead of contacting LDAP server for every instance to fetch the user information

Additional Information

You will need an active support agreement with HP to access HP-UX patch PHCO_42672.

Feedback service temporarily unavailable. For content questions or problems, please contact Support.