|
|
In case libsss_nss_idmap provides timeout-enabled NSS API, use it.
This solves a problem of too long queries to an NSS backend with
traditional POSIX NSS API. In case SSSD takes too long to respond
to a query, corresponding 389-ds thread running schema-compat plugin
would stuck waiting that response. It can lead to an exhaustion of
389-ds threads.
A refactored interface to NSS backends is introduced with this commit.
A backend API looks like an API an NSS plugin has to implement in glibc
but also allows to handle timeout-based requests internally.
If backend implements timeout-enabled calls, then
backend_nss_set_timeout() function can be used to modify a per-context
state. There is no need for a caller to know whether backend supports
timeout-enabled calls because either way these calls are synchronous
and backend choice is done at compile-time.
schema-compat plugin uses 10 seconds as its default timeout. One can
change it via 'slapi-nss-timeout' attribute in the plugin config entry.
|
