Date: Mon, 14 Jul 2014 11:51:07 +0200
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: timeout in LDAP access
Message-ID: <20140714095107.GB10401@calimero.vinschen.de>

On Jul 12 15:39, Denis Excoffier wrote:
> On 2014-07-09 12:12 Corinna Vinschen wrote:
> >>
> >> I have encountered this case in real life. The domain admins have set
> >> the trustPosixOffset of the secondary domain to zero. This value is therefore
> >> never recorded and the cldap->open occurs again and again.
> >
> > Ouch.  Why on earth are admins doing this?  There's no way to
> > work around this reliably.
> >
> Reliably I don’t know. I’ve modified uinfo.cc in order that the special value
> for td->PosixOffset is no longer 0. Taking into account that LDAP_SERVER_DOWN
> is now recognized, my ‘getent passwd’ executes gracefully in 40 minutes
> (instead of 60) and ‘getent group’ in 25 minutes (instead of 90). Also quicker
> is ‘mkpasswd -d secondary_domain’ of course. Patch attached.

That won't work.  It works around your immediate problem by defining a
non-0 start value, no doubt about that, but it doesn't fix the
underlying problem.

A POSIX offset of 0 is bad.  If other trusted domains have no functional
POSIX offset value, but are set to 0 instead, they won't have different
UID values for accounts of different domains.  Two users from different
domains, both with RID 1000 will both have UID 1000 in Cygwin.  Also,
the lower UID numbers are reserved for special accounts.

There is no guarantee that there won't be a collision at some point of
the 32 bit UID spectrum, but a POSIX offset of 0 will almost guarantee
the collision.

There are two ways to work around that.

- The better solution is to inform your IT of the problem.

- The not so well one is to enhance /etc/nsswitch.conf to allow to
  define POSIX offsets for domains independent of the AD setting.


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
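
The UID collision described in the message above, as an added example that is not part of the original mail or of Cygwin's code: an audit over a list of trusted domains that reports which ones carry a POSIX offset of 0 and which accounts end up sharing a UID. The mapping UID = offset + RID follows the message's description; the domain names, offsets, accounts and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data: domain name -> trustPosixOffset as read from AD.
# Two domains were left at 0, the misconfiguration discussed in the message.
OFFSETS = {"PRIMARY": 0x100000, "SALES": 0, "LAB": 0, "PARTNER": 0x200000}

# Constructed accounts: (domain, account name, RID).
ACCOUNTS = [
    ("PRIMARY", "alice", 1000),
    ("SALES", "bob", 1000),
    ("LAB", "carol", 1000),
    ("PARTNER", "dave", 1000),
    ("LAB", "erin", 1105),
]


def posix_uid(offset, rid):
    """Assumed mapping, per the message: UID = domain POSIX offset + RID."""
    uid = offset + rid
    if not 0 <= uid < 2**32:
        raise ValueError(f"UID {uid} is outside the 32-bit UID range")
    return uid


def zero_offset_domains(offsets):
    """Domains whose accounts map straight onto their RIDs."""
    return sorted(d for d, off in offsets.items() if off == 0)


def uid_collisions(offsets, accounts):
    """Return {uid: [DOMAIN\\name, ...]} for UIDs claimed by more than one account."""
    by_uid = defaultdict(list)
    for domain, name, rid in accounts:
        by_uid[posix_uid(offsets[domain], rid)].append(f"{domain}\\{name}")
    return {uid: sorted(who) for uid, who in by_uid.items() if len(who) > 1}


if __name__ == "__main__":
    print("domains with offset 0:", zero_offset_domains(OFFSETS))
    for uid, who in sorted(uid_collisions(OFFSETS, ACCOUNTS).items()):
        print(f"UID {uid} is shared by {', '.join(who)}")
```

Any file ownership or permission check keyed on the shared UID treats the colliding accounts as the same user, which is why a start-value change in one place does not remove the risk.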