X-Recipient:	archive-cygwin AT delorie DOT com
DomainKey-Signature:	a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:content-type:mime-version:subject:from
	:in-reply-to:date:message-id:references:to; q=dns; s=default; b=
	A2arWdcGsPnzQciFFasT1c6MOSZeAV3BE1itnsXeJkLxxuxdhAB+ccCrk2v4ojzM
	FkZ8aaEVBntr9qxV3meXt+PWpuOELsZAzN7zNRYDrzP1viDARdE6J/43juCoVBtN
	P/n57G91E0GBp7KNd4bQHFTjNG3SIi4GDft9bgrvqcQ=
DKIM-Signature:	v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:content-type:mime-version:subject:from
	:in-reply-to:date:message-id:references:to; s=default; bh=cvNlhE
	QklCVmRLVrdnM1qh4KYgw=; b=Z3vea/6M4Cvjwl83tcNZC7Da39Ol7FxNa1wVTV
	kYzmqvkbFnns9hD6ALfQPOcCOXOL5LgPJ32ooJ36q/+lPjZCVbiws+323C+MN27v
	QUAbBlvQ61bDQ9bqHvI0Qwq8t5I2GdjKWbnd6tgkgMw96ckh7fR/+wN8J08NPrFD
	n87uA=
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Authentication-Results:	sourceware.org; auth=none
X-Virus-Found:	No
X-Spam-SWARE-Status:	No, score=-1.4 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.2
X-HELO:	smtp3-g21.free.fr
Mime-Version:	1.0 (Mac OS X Mail 7.3 \(1878.6\))
Subject:	Re: timeout in LDAP access
From:	Denis Excoffier <cygwin AT Denis-Excoffier DOT org>
In-Reply-To:	<20140709101256.GD26447@calimero.vinschen.de>
Date:	Sat, 12 Jul 2014 15:39:36 +0200
Message-Id:	<BA09D7D8-96E6-431F-9434-8BA8A2AB4952@Denis-Excoffier.org>
References:	<FEEBC1A4-B147-45C1-A5AC-F5B9108E998F AT Denis-Excoffier DOT org> <20140623090959 DOT GA1803 AT calimero DOT vinschen DOT de> <C2FB35D9-AE47-4461-8A94-20605D5EB996 AT Denis-Excoffier DOT org> <20140624155851 DOT GJ1803 AT calimero DOT vinschen DOT de> <20140625101526 DOT GO1803 AT calimero DOT vinschen DOT de> <E760D646-FFCB-434C-B990-7783DC011326 AT Denis-Excoffier DOT org> <20140625211355 DOT GA25116 AT calimero DOT vinschen DOT de> <E3509AAC-C4A0-4293-988F-E94BF2421180 AT free DOT fr> <20140707110714 DOT GJ1803 AT calimero DOT vinschen DOT de> <19B9F8D8-7FD6-4A7B-AC83-BBF8D152319D AT Denis-Excoffier DOT org> <20140709101256 DOT GD26447 AT calimero DOT vinschen DOT de>
To:	cygwin AT cygwin DOT com

--Apple-Mail=_3A69F904-4736-4E3F-91C6-6771B0DD3995
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=windows-1252

On 2014-07-09 12:12 Corinna Vinschen wrote:
>>=20
>> I have encountered this case in real life. The domain admins have set
>> the trustPosixOffset of the secondary domain to zero. This value is ther=
efore
>> never recorded and the cldap->open occurs again and again.
>=20
> Ouch.  Why on earth are admins doing this?  There's no way to
> workaround this reliably.
>=20
Reliably i don=92t know. I=92ve modified uinfo.cc in order that the special=
 value
for td->PosixOffset is no longer 0. Taking into account that LDAP_SERVER_DO=
WN
is now recognized, my =91getent passwd=92 executes gracefully in 40 minutes
(instead of 60) and =91getent group=92 in 25 minutes (instead of 90). Also =
quicker
is =91mkpasswd -d secondary_domain=92 of course. Patch attached.

Regards,

Denis Excoffier.


--Apple-Mail=_3A69F904-4736-4E3F-91C6-6771B0DD3995
Content-Disposition: attachment;
	filename=posixoffset.patch
Content-Type: application/octet-stream;
	name="posixoffset.patch"
Content-Transfer-Encoding: 7bit

diff -uNr cygwin-snapshot-20140709-1-o/winsup/cygwin/uinfo.cc cygwin-snapshot-20140709-1-p/winsup/cygwin/uinfo.cc
--- cygwin-snapshot-20140709-1-o/winsup/cygwin/uinfo.cc	2014-07-09 14:10:50.000000000 +0200
+++ cygwin-snapshot-20140709-1-p/winsup/cygwin/uinfo.cc	2014-07-11 13:16:07.671916100 +0200
@@ -35,6 +35,8 @@
 #include "ldap.h"
 #include "cygserver_pwdgrp.h"
 
+#define CYG_LDAP_IMPROBABLE_POSIXOFFSET	1111111111	/* 0 would be too probable */
+
 /* Initialize the part of cygheap_user that does not depend on files.
    The information is used in shared.cc for the user shared.
    Final initialization occurs in uinfo_init */
@@ -853,8 +855,9 @@
 	      tdom[idx].DomainSid = cmalloc_abort(HEAP_BUF, len);
 	      RtlCopySid (len, tdom[idx].DomainSid, td[idx].DomainSid);
 	    }
-	  /* ...and set PosixOffset to 0.  This */
-	  tdom[idx].PosixOffset = 0;
+	  /* ...and set PosixOffset to CYG_LDAP_IMPROBABLE_POSIXOFFSET to mean
+	     that the offset is still to be fetched */
+	  tdom[idx].PosixOffset = CYG_LDAP_IMPROBABLE_POSIXOFFSET;
 	}
       NetApiBufferFree (td);
       tdom_count = tdom_cnt;
@@ -1139,7 +1142,7 @@
 {
   uint32_t id_val;
 
-  if (!td->PosixOffset && !(td->Flags & DS_DOMAIN_PRIMARY) && td->DomainSid)
+  if (td->PosixOffset == CYG_LDAP_IMPROBABLE_POSIXOFFSET && !(td->Flags & DS_DOMAIN_PRIMARY) && td->DomainSid)
     {
       if (cldap->open (NULL) != NO_ERROR)
 	{
@@ -1151,13 +1154,14 @@
 	}
       else
 	id_val = cldap->fetch_posix_offset_for_domain (td->DnsDomainName);
-      if (id_val)
+      if (id_val != CYG_LDAP_IMPROBABLE_POSIXOFFSET)
 	{
 	  td->PosixOffset = id_val;
 	  if (id_val < cygheap->dom.lowest_tdo_posix_offset)
 	    cygheap->dom.lowest_tdo_posix_offset = id_val;
 
 	}
+      debug_printf ("computing PosixOffset for domain %W, found %u", td->DnsDomainName, td->PosixOffset);
     }
   return td->PosixOffset;
 }


--Apple-Mail=_3A69F904-4736-4E3F-91C6-6771B0DD3995
Content-Type: text/plain; charset=us-ascii

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
--Apple-Mail=_3A69F904-4736-4E3F-91C6-6771B0DD3995--

- Raw text -