From: Corinna Vinschen
To: cygwin@cygwin.com
Date: Tue, 24 Jun 2014 15:59:00 -0000
Subject: Re: timeout in LDAP access
Message-ID: <20140624155851.GJ1803@calimero.vinschen.de>

On Jun 23 22:38, Denis Excoffier wrote:
> On 2014-06-23 11:09, Corinna Vinschen wrote:
> > On Jun 19 19:53, Denis Excoffier wrote:
> >
> > Do you really *want* to enumerate 500K users when accessing the DCs
> > remote over a slow DSL line?
> > Isn't this a situation in which you'd
> > rather like to avoid enumerating accounts or restrict it to an
> > essential subset?  That's what db_enum would be good for.
> IMHO the line is not especially slow. Instead, the
> server (and occasionally the client) is clobbered sometimes. For example it
> seems more difficult (i.e. timeout occurs more frequently) for a server
> to output the last sid’s in a domain than to output a full PageSize of
> results.
>
> Personally I don’t *want* to use /etc/nsswitch.conf at all. What bothers me
> is that the user does not get any indication of a timeout (and several successive
> and unrelated timeouts may be met in a single invocation of getent). Therefore
> even if all servers are up, the user has no means to know that the list is exhaustive.
> If the timeout occurs for the last chunk this is not so important, but if
> the timeout occurs in the middle it may be. That is the difference between
> a large timeout and a timeout, say, too accurate.
> [...]
> >> 1) for most of the 100-sid chunks, the high timeout is not used, therefore
> >> the global penalty in delay is not so high. And perhaps a 120s timeout is high
> >> enough so that when it is met, we could abandon not only the current domain,
> >> but also the whole search?
> >
> > Would that be really a bright idea?  Assuming your ADs (and their DCs)
> > are in different remote locations, one of those connections being down
> > would disable enumerating other domains.
> It would be a means to have getent 'depend' on a unique timeout.
> >
> >> 2) if value of timeout is not high enough (I have no figures…), timeout may
> >> occur when the PC is in fact occupied with other tasks (e.g. antivirus scanning
> >> or something else), unrelated to network delays or server latencies.
> >

Stay tuned.  I'm rewriting the LDAP access code to perform all critical
LDAP calls in interruptible threads.
The Windows LDAP calls don't provide any kind of synchronization, only
timeouts.  I hoped to get away with short timeouts but it seems I hoped
in vain.  So the next iteration of this code will not use any timeout
other than the default LDAP network timeout of 2 minutes, but the calls
will be interruptible by signals.

I hope that fixes this the right way :}


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
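The concern raised in the quoted text, that a timeout in the middle of a paged enumeration leaves the caller with a list it cannot tell is incomplete, sketched as an added example (not Cygwin's code and not part of the original message). `fetch_page_fn`, `fake_server` and the 250-account sample are constructed stand-ins for a paged LDAP search with 100-entry pages; the enumerator returns a completeness flag the caller must check before treating the list as exhaustive.

```c
#include <stdio.h>
#include <stddef.h>

enum page_status { PAGE_OK, PAGE_LAST, PAGE_TIMEOUT };
/* Hypothetical stand-in for one paged LDAP search call (not a real API). */
typedef enum page_status (*fetch_page_fn)(void *ctx, size_t page, size_t *n);

struct enum_result {
    size_t entries;   /* accounts received so far */
    size_t pages;     /* pages received so far */
    int complete;     /* 1 only if the server signalled the last page */
};

/* Enumerate one domain page by page; a timeout is reported, never hidden. */
struct enum_result enumerate_domain(fetch_page_fn fetch, void *ctx)
{
    struct enum_result r = {0, 0, 0};
    for (size_t page = 0;; page++) {
        size_t n = 0;
        enum page_status st = fetch(ctx, page, &n);
        if (st == PAGE_TIMEOUT)
            return r;               /* truncated: complete stays 0 */
        r.entries += n;
        r.pages++;
        r.complete = (st == PAGE_LAST);
        if (r.complete)
            return r;
    }
}

/* Constructed sample server: `total` accounts, optional timeout at one page. */
struct fake_server { size_t total, page_size; long timeout_at; };
static enum page_status fake_fetch(void *ctx, size_t page, size_t *n)
{
    struct fake_server *s = ctx;
    if (s->timeout_at >= 0 && (size_t)s->timeout_at == page)
        return PAGE_TIMEOUT;
    size_t start = page * s->page_size;
    size_t left = s->total - start;
    *n = left < s->page_size ? left : s->page_size;
    return start + *n >= s->total ? PAGE_LAST : PAGE_OK;
}

int main(void)
{
    struct fake_server srv = {250, 100, 1};   /* times out on the 2nd page */
    struct enum_result r = enumerate_domain(fake_fetch, &srv);
    printf("%zu accounts, %s\n", r.entries, r.complete ? "complete" : "TRUNCATED");
    return 0;
}
```

A consumer that feeds such a list into an access review or account audit should refuse or flag the result when `complete` is 0, whichever page the timeout hit.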