X-Recipient: archive-cygwin@delorie.com DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:content-type:mime-version:subject:from :in-reply-to:date:content-transfer-encoding:message-id :references:to; q=dns; s=default; b=U2ji3zS91ulHj9YdB9ZAf4nhYQhC zdZFHNO3GvEV/2F8eWCUQAmaRMaR19YlJnYF+pCZtyslGGbZpFkVYIb5ti6xaKVz ILj3UfTBJ7BL5RDL05wK+m/Qkqa6y+NY5RFY4rUJitjGxdAl+lopLSQfHT2rrTii NS+8lIHisAvekLk= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:content-type:mime-version:subject:from :in-reply-to:date:content-transfer-encoding:message-id :references:to; s=default; bh=ovhLEkVL8ndozY//ne6qXIfghN4=; b=GE 6pEElnlsQ2PxDsaeE66i9haHdRAoRJGMCiU32HfAhIWfDNZAAk+HrnwhKBNIba1W lI4Zk2mBlZ/QiH/w9ogFTSVI9PR48V3i7WPFfRJZUzLTFqllxJMVyVI2uETrW8Fx YZ0tEG7o26ioGBtpu4LyUhpKLQKv7PcrW1YkFi/Pk= Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Delivered-To: mailing list cygwin@cygwin.com Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-1.3 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.2 X-HELO: smtp3-g21.free.fr Content-Type: text/plain; charset=windows-1252 Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.2\)) Subject: Re: timeout in LDAP access From: Denis Excoffier In-Reply-To: <20140617100011.GL23700@calimero.vinschen.de> Date: Wed, 18 Jun 2014 00:41:35 +0200 Message-Id: References: <20140617100011.GL23700@calimero.vinschen.de> To: cygwin@cygwin.com Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by delorie.com id s5HMfwmZ013954 Hi Corinna, On 2014-06-17 12:00, Corinna Vinschen wrote: > > So I expect an LDAP_SUCCESS with ldap_count_entries() == 0 and then > repeat the request. But the code doesn't expect LDAP_TIMEOUT in this > case. Do I have to handle LDAP_TIMEOUT here as well? LDAP_TIMEOUT can occur there. I can even suppose it occurs more frequently for the _last_ 100-sid chunk (eg there are 5868 users in a domain, and timeout occurs after 5800 and the last 68 get lost). But it can also occur after 27 chunks while about 350000 users are still to be read in a given domain (yes, that makes about 352700 users in a single domain). I’m pretty convinced today that 300 is more than enough, and that with 3, only one or two timeouts are to be expected for an AD with 500000 users and not so many domains (50 or 100). The flaw is that as soon as the first timeout occurs, the whole rest of the current domain is skipped, which can be much in some cases. ldap_get_next_page_s() should perhaps deserve a second chance (with timeout 30s). After all, this function is called 3527 times (for the same domain). Also a simple observation: if LDAP_TIMEOUT is not to be expected, what is the use of this timeval* parameter in ldap_get_next_page_s()? > I'm wondering if the timeout, at least for enumerating accounts, should > go away entirely. In case of a connection problem this could result in > a hang for about 2 minutes by default I think (LDAP_OPT_PING_LIMIT). I think i like this (it it works). But in this case, it will not resume to the next domain, and the whole operation (eg getent) is interrupted? Regards, Denis Excoffier. -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple