On 12/13/2010 08:15 AM, Sumit Bose wrote:
>> We discussed this issue on irc and agreed that there will be no direct
>> fix to close this window, but a paragraph in the man page explaining
>> that there might be a small chance that during the first
>> enum_cache_timeout seconds an enumeration request like 'getent passwd'
>> will return no results.
I opted to add a paragraph to the enumerate option instead, specifying
that during the first enumeration, requests for all users or groups may
return no results.
New patch attached. Thanks for the review.
--
Stephen Gallagher
RHCE 804006346421761
Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/
From 3153b6097ceef650294f54f368c82e1d6186760c Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgallagh(a)redhat.com>
Date: Wed, 8 Dec 2010 15:47:29 -0500
Subject: [PATCH] Start first enumeration immediately
Previously, we would wait for ten seconds before starting an
enumeration. However, this meant that on the first startup (before
we had run our first enumeration) there was a ten-second window
where clients would immediately get back a response with no
entries instead of blocking until the enumeration completed.
With this patch, SSSD will now run an enumeration immediately upon
startup. Further startups will retain the ten-second delay so as
not to slow down system bootups.
https://fedorahosted.org/sssd/ticket/616
---
src/man/sssd.conf.5.xml | 5 +++++
src/providers/ldap/ldap_common.c | 31 ++++++++++++++++++++++++++++---
src/providers/ldap/ldap_id_enum.c | 14 ++++++++++++++
3 files changed, 47 insertions(+), 3 deletions(-)
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
index 2bba38050fe2653ea7b471d1522491340c4069ef..7392dd0931ab015a58520eea93f34d798758b441
100644
--- a/src/man/sssd.conf.5.xml
+++ b/src/man/sssd.conf.5.xml
@@ -513,6 +513,11 @@
processing.
</para>
<para>
+ While the first enumeration is running, requests
+ for the complete user or group lists may return
+ no results until it completes.
+ </para>
+ <para>
Further, enabling enumeration may increase the time
necessary to detect network disconnection, as
longer timeouts are required to ensure that
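Review bot: The added paragraph says "the first enumeration" without saying first since when. The ldap_common.c change in this patch reads a flag from the sysdb, so the empty-result window lasts only until one enumeration has ever completed for the domain, not after every restart. Suggest wording such as "Until the first enumeration for a domain has completed, ..." and stating that the request returns immediately with an empty list, since a caller that treats the output of 'getent passwd' as the complete account list cannot tell this apart from a domain with no users.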
diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c
index 9945b4b137f9b2659235e213ebe20c3509203e63..a38d5cc2081677962c07c6b621519b5c82d1a78d
100644
--- a/src/providers/ldap/ldap_common.c
+++ b/src/providers/ldap/ldap_common.c
@@ -415,12 +415,37 @@ int sdap_id_setup_tasks(struct sdap_id_ctx *ctx)
struct timeval tv;
int ret = EOK;
int delay;
+ bool has_enumerated;
/* set up enumeration task */
if (ctx->be->domain->enumerate) {
- /* run the first one in a couple of seconds so that we have time to
- * finish initializations first*/
- tv = tevent_timeval_current_ofs(10, 0);
+ /* If this is the first startup, we need to kick off
+ * an enumeration immediately, to close a window where
+ * clients requesting get*ent information won't get an
+ * immediate reply with no entries
+ */
+ ret = sysdb_has_enumerated(ctx->be->sysdb,
+ ctx->be->domain,
+ &has_enumerated);
+ if (ret != EOK) {
+ return ret;
+ }
+ if (has_enumerated) {
+ /* At least one enumeration has previously run,
+ * so clients will get cached data. We will delay
+ * starting to enumerate by 10s so we don't slow
+ * down the startup process if this is happening
+ * during system boot.
+ */
+ tv = tevent_timeval_current_ofs(10, 0);
+ } else {
+ /* This is our first startup. Schedule the
+ * enumeration to start immediately once we
+ * enter the mainloop.
+ */
+ tv = tevent_timeval_current();
+ }
+
ret = ldap_id_enumerate_set_timer(ctx, tv);
} else {
/* the enumeration task, runs the cleanup process by itself,
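Review bot: In the new block under "if (ctx->be->domain->enumerate)", a failure of sysdb_has_enumerated() does "return ret", which leaves sdap_id_setup_tasks() before ldap_id_enumerate_set_timer() is reached, so a failed read of the flag means no enumeration is scheduled at all. The matching sysdb_set_enumerated() failure in ldap_id_enum.c is treated as non-fatal; consider the same here by logging the error and falling back to has_enumerated = false so the timer is still set. The comment above the call also reads inverted: "won't get an immediate reply with no entries" is the behaviour being removed, so it should say clients "would get" that reply.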
diff --git a/src/providers/ldap/ldap_id_enum.c b/src/providers/ldap/ldap_id_enum.c
index f2ac8c6a93b821eb89e8c22f8170bebad8d68950..8695f35502e916f0a9201de2b267db05276d1c64
100644
--- a/src/providers/ldap/ldap_id_enum.c
+++ b/src/providers/ldap/ldap_id_enum.c
@@ -134,12 +134,26 @@ static void ldap_id_enumerate_reschedule(struct tevent_req *req)
uint64_t err;
struct timeval tv;
int delay;
+ errno_t ret;
if (tevent_req_is_error(req, &tstate, &err)) {
/* On error schedule starting from now, not the last run */
tv = tevent_timeval_current();
} else {
tv = ctx->last_enum;
+
+ /* Ok, we've completed an enumeration. Save this to the
+ * sysdb so we can postpone starting up the enumeration
+ * process on the next SSSD service restart (to avoid
+ * slowing down system boot-up
+ */
+ ret = sysdb_set_enumerated(ctx->be->sysdb,
+ ctx->be->domain,
+ true);
+ if (ret != EOK) {
+ DEBUG(1, ("Could not mark domain as having enumerated.\n"));
+ /* This error is non-fatal, so continue */
+ }
}
talloc_zfree(req);
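Review bot: sysdb_set_enumerated() sits in the success branch of ldap_id_enumerate_reschedule(), so it runs after every successful enumeration and rewrites a flag that is already true on all but the first one. Consider skipping the call once the flag is known to be set, for example by keeping the value read at startup in the context. The DEBUG message also drops ret, which would make a failing cache write hard to diagnose, and the comment above the call is missing its closing parenthesis after "boot-up".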
--
1.7.3.3