| delorie.com/archives/browse.cgi | search |
| X-Recipient: | archive-cygwin AT delorie DOT com |
| DomainKey-Signature: | a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:date:from:to:subject:message-id:reply-to | |
| :references:mime-version:content-type:in-reply-to; q=dns; s= | |
| default; b=xiFwczEslqINyfuhsF8sNTDmncMXzdloYHQLsOLh3YxCmK5vzqoNK | |
| LWo5lk7hbzc8eLq34DdEsk7o8YQEV4m0Nl/AhbkG54FV59NIf5VYA1OOFaPyuto7 | |
| FGgFfUBcuQ63B5TOS7LPTFYYYDg5VMpczHyizhZdmLJyYLTR4XtO6o= | |
| DKIM-Signature: | v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:date:from:to:subject:message-id:reply-to | |
| :references:mime-version:content-type:in-reply-to; s=default; | |
| bh=kxpNUz7lUU2aq3ozhJxAAnPodww=; b=b1a4dOWsh68bWZf81TZNSSTwvcmD | |
| 5zEs+hbzvHiqEHdA0Iqzu3n0UP0cn3adbNiIZdduR3QN5vF0FGxTQGBnzalavpNm | |
| QEMzPkajdhc6EI8+NgDWL/xcYnMKi5xuikz48bvzGwXjTpjSJLwvU3IMw6Y5hsOm | |
| o3yRW7lV0krva98= | |
| Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
| List-Id: | <cygwin.cygwin.com> |
| List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
| List-Archive: | <http://sourceware.org/ml/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
| Sender: | cygwin-owner AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| Delivered-To: | mailing list cygwin AT cygwin DOT com |
| Authentication-Results: | sourceware.org; auth=none |
| X-Virus-Found: | No |
| X-Spam-SWARE-Status: | No, score=-5.2 required=5.0 tests=AWL,BAYES_05 autolearn=ham version=3.3.2 |
| X-HELO: | calimero.vinschen.de |
| Date: | Tue, 24 Jun 2014 17:58:51 +0200 |
| From: | Corinna Vinschen <corinna-cygwin AT cygwin DOT com> |
| To: | cygwin AT cygwin DOT com |
| Subject: | Re: timeout in LDAP access |
| Message-ID: | <20140624155851.GJ1803@calimero.vinschen.de> |
| Reply-To: | cygwin AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| References: | <F312783D-AD66-4614-922B-E44403C7E372 AT Denis-Excoffier DOT org> <20140617100011 DOT GL23700 AT calimero DOT vinschen DOT de> <C462E4F3-1E51-46DC-BD27-BC4786A5E8BB AT Denis-Excoffier DOT org> <20140618083304 DOT GV23700 AT calimero DOT vinschen DOT de> <20140618180102 DOT GA27055 AT calimero DOT vinschen DOT de> <FEEBC1A4-B147-45C1-A5AC-F5B9108E998F AT Denis-Excoffier DOT org> <20140623090959 DOT GA1803 AT calimero DOT vinschen DOT de> <C2FB35D9-AE47-4461-8A94-20605D5EB996 AT Denis-Excoffier DOT org> |
| MIME-Version: | 1.0 |
| In-Reply-To: | <C2FB35D9-AE47-4461-8A94-20605D5EB996@Denis-Excoffier.org> |
| User-Agent: | Mutt/1.5.23 (2014-03-12) |
--h22Fi9ANawrtbNPX Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Jun 23 22:38, Denis Excoffier wrote: > On 2014-06-23 11:09, Corinna Vinschen wrote: > > On Jun 19 19:53, Denis Excoffier wrote: > >=20 > > Do you really *want* to enumerate 500K users when accessing the DCs > > remote over a slow DSL line? Isn't this a situation in which you'd > > rather like to avoid enumerating accounts or restrict it to an > > essential subset? That's what db_enum would be good for. > IMHO the line is not especially slow. Instead, the > server (and occasionally the client) is clobbered sometimes. For example = it > seems more difficult (ie timeout occurs more frequently) for a server > to output the last sid=E2=80=99s in a domain than to output a full PageSi= ze of > results. >=20 > Personally i don=E2=80=99t *want* to use /etc/nsswitch.conf at all. What = bothers me > is that the user does not get any indication of a timeout (and several su= ccessive > and unrelated timeouts may be met in a single invocation of getent). Ther= efore > even if all servers are up, the user has no means to know that the list i= s exhaustive. > If the timeout occurs for the last chunk this is not so important, but if= =20 > the timeout occurs in the middle it may be. That is the difference between > a large timeout and a timeout, say, too accurate. > [...] > >> 1) for most of the 100-sid chunks, the high timeout is not used, there= fore > >> the global penalty in delay is not so high. And perhaps a 120s timeout= is high > >> enough so that when it is met, we could abandon not only the current d= omain, > >> but also the whole search? > >=20 > > Would that be really a bright idea? Assuming your ADs (and their DCs) > > are in different remote locations, One of those connections being down > > would disable enumerating other domains. > It would be a means to have getent 'depend' on a unique timeout. > >=20 > >> 2) if value of timeout is not high enough (i have no figures=E2=80=A6)= , timeout may > >> occur when the PC is in fact occupied with other tasks (eg antivirus s= canning > >> or something else), unrelated to network delays or server latencies. > >=20 Stay tuned. I'm rewriting the LDAP access code to perform all critical LDAP calls in interruptible threads. The Windows LDAP calls don't provide any kind of synchronization, only timeouts. I hoped to get away with short timeouts but it seems I hoped in vain. So the next iteration of this code will not use any timeout other than the default LDAP network timeout of 2 minutes, but the calls will be interruptible by signals. I hope that fixes this the right way :} Corinna --=20 Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Maintainer cygwin AT cygwin DOT com Red Hat --h22Fi9ANawrtbNPX Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJTqaA7AAoJEPU2Bp2uRE+g190P/2DhJlZfwnOTOCJHP0NNBnYw k7QbPmz87mxw6w58p05cg8MBWDfuhXu2XnPl/FCarnRFBA1DWHR9VqgNv+tTFVSn phFLt0R4CKv+gupczNPfVVe5mgA6/xH+lzIsLjexfCkZT3zoY5FHFIEKqYU5nlPK nyo6WXV3GBp+CYNBsQ0T29gvJHo5ilWnvoStcwzDF8MxG63+FFy+aLRwlX3JmgWl 4nK3Y0ucQm+eKpAo4mT6r9VY+jD394gh06RDYfVpoxZR1N10WUqnoKzYfA+7hOBm bDY1tVYbawDzVjFLEJS7W1J/iP67OV6G7VmRfDSpaDRQvYLbDbq458cmk4DhJUQB diRMrxYvPiAgJPT1+ZoNFNFBUoWtB4A9QZ/Hifng95Mzc15/NxQ2afNYDBA6xtUf oGZdce9euslO5EYi1054LbyRd46qx0v6UhOSWE0xMIyLr+sXPaQ7G2G1E32W+5FZ FmgyGW+jRwF27mbq3MMvLcIzynXPVo20FCeTiJKBwrto+jMaU3sZfir7OfbQRKe2 N0cW00OH0i/w71GT/XJkvaF9GF0WzLv0/XoLYi5DVliQJk7YMhptmkD7J5mj+xgl o/bhDXudrEu4rT9+InPEPjoh6l7OeF5HLv7RnaLHnQCyfSiD/27Y9SOFnR9EeS9H grWEucKbcnMqQiUXNWQ7 =QI5K -----END PGP SIGNATURE----- --h22Fi9ANawrtbNPX--
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |