From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 31826 invoked by alias); 17 Jun 2014 22:41:40 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 31744 invoked by uid 89); 17 Jun 2014 22:41:39 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-1.3 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.2 X-HELO: smtp3-g21.free.fr Received: from smtp3-g21.free.fr (HELO smtp3-g21.free.fr) (212.27.42.3) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Tue, 17 Jun 2014 22:41:38 +0000 Received: from [192.168.0.11] (unknown [78.224.52.79]) by smtp3-g21.free.fr (Postfix) with ESMTP id 90A22A61BC; Wed, 18 Jun 2014 00:41:35 +0200 (CEST) Content-Type: text/plain; charset=windows-1252 Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.2\)) Subject: Re: timeout in LDAP access From: Denis Excoffier In-Reply-To: <20140617100011.GL23700@calimero.vinschen.de> Date: Tue, 17 Jun 2014 22:41:00 -0000 Content-Transfer-Encoding: quoted-printable Message-Id: References: <20140617100011.GL23700@calimero.vinschen.de> To: cygwin@cygwin.com X-SW-Source: 2014-06/txt/msg00246.txt.bz2 Hi Corinna, On 2014-06-17 12:00, Corinna Vinschen wrote: >=20 > So I expect an LDAP_SUCCESS with ldap_count_entries() =3D=3D 0 and then > repeat the request. But the code doesn't expect LDAP_TIMEOUT in this > case. Do I have to handle LDAP_TIMEOUT here as well? LDAP_TIMEOUT can occur there. I can even suppose it occurs more frequently for the _last_ 100-sid chunk (eg there are 5868 users in a domain, and timeout occurs after 5800 and the last 68 get lost). But it can also occur after 27 chunks while about 350000 users are still to be read in a given domain (yes, that makes about 352700 users in a single doma= in). I=92m pretty convinced today that 300 is more than enough, and that with 3,= only one or two timeouts are to be expected for an AD with 500000 users and not = so many domains (50 or 100). The flaw is that as soon as the first timeout occ= urs, the whole rest of the current domain is skipped, which can be much in some = cases. ldap_get_next_page_s() should perhaps deserve a second chance (with timeout= 30s). After all, this function is called 3527 times (for the same domain). Also a simple observation: if LDAP_TIMEOUT is not to be expected, what is t= he use of this timeval* parameter in ldap_get_next_page_s()? > I'm wondering if the timeout, at least for enumerating accounts, should > go away entirely. In case of a connection problem this could result in > a hang for about 2 minutes by default I think (LDAP_OPT_PING_LIMIT). I think i like this (it it works). But in this case, it will not resume to the next domain, and the whole operation (eg getent) is interrupted? Regards, Denis Excoffier. -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple