HP-UX: audisp calls made by NetIQ UNIX Agent can cause excess cpu use in LDAP environments

Document ID:7007510
Creation Date:22-May-2012
Modified Date:22-May-2012
- Micro Focus Products:
  Security Manager

Environment

HP-UX
HP-UX LDAP Authentication
NetIQ Security Manager
NetIQ UNIX Agent

Situation

The NetIQ UNIX Agent runs frequent instances of the auditsp command to record system auditing information. Running auditsp on HP-UX systems using LDAP authentication results in increased load on LDAP servers due to HP-UX remote UID/GUID translation.

Resolution

Install patch PHCO_42672 from Hewlett Packard.

Cause

PHCO_42672: (QX:QXCR1001142965)
Audit display command (audisp) utilizes more CPU since it contacts LDAP server for every new user record to display, and had a poor search logic that was resulting in a cumbersome extensive search in larger LDAP implementations.

This problem is fixed by constructing a table with the required user information, and use them instead of contacting LDAP server for every instance to fetch the user information

Additional Information

You will need an active support agreement with HP to access HP-UX patch PHCO_42672.

HP-UX patches @ hp.com