author | Jakub Hrozek <jhrozek@redhat.com> | 2015-04-28 13:16:51 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2015-05-12 11:25:21 +0200 |
commit | 601d193feba2d9859661b979c2a0d1d479d5cee8 (patch) | |
tree | e56a9162cf78f408ab61e1b33203d5d3bdfba795 /src/providers/ldap/ldap_id_enum.c | |
parent | a50b229c8ea1e22c9efa677760b94d8c48c3ec89 (diff) | |
LDAP: disable the cleanup task by default

Resolves:
https://fedorahosted.org/sssd/ticket/2627

The cleanup task was designed to keep the cache size within certain
limits. This is how it roughly works now:
- find users who have never logged in by default. If
  account_cache_expiration is set, find users who logged in later
  than account_cache_expiration
- delete the matching set of users
- find groups that have no members
- delete the matching set of groups

So unless account_cache_expiration is set to something sensible, only empty
groups and expired users who never logged in are removed and that's quite
a corner case. The above effectively walks the whole database, especially
the groups step is quite slow with a huge database. The whole cleanup task
also runs in a single sysdb transaction, which means all other transactions
are blocked while the cleanup task crunches the database.

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

Diffstat (limited to 'src/providers/ldap/ldap_id_enum.c')
-rw-r--r-- | src/providers/ldap/ldap_id_enum.c | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/src/providers/ldap/ldap_id_enum.c b/src/providers/ldap/ldap_id_enum.c index 1aec91a99..89c305c0d 100644 --- a/src/providers/ldap/ldap_id_enum.c +++ b/src/providers/ldap/ldap_id_enum.c @@ -27,6 +27,8 @@ #include "providers/ldap/ldap_common.h" #include "providers/ldap/sdap_async_enum.h" +#define LDAP_ENUM_PURGE_TIMEOUT 10800 + errno_t ldap_setup_enumeration(struct be_ctx *be_ctx, struct sdap_options *opts, struct sdap_domain *sdom, @@ -37,6 +39,7 @@ errno_t ldap_setup_enumeration(struct be_ctx *be_ctx, errno_t ret; time_t first_delay; time_t period; + time_t cleanup; bool has_enumerated; struct ldap_enum_ctx *ectx; @@ -65,6 +68,22 @@ errno_t ldap_setup_enumeration(struct be_ctx *be_ctx, first_delay = 0; } + cleanup = dp_opt_get_int(opts->basic, SDAP_CACHE_PURGE_TIMEOUT); + if (cleanup == 0) { + /* We need to cleanup the cache once in a while when enumerating, otherwise + * enumeration would only download deltas since the previous lastUSN and would + * not detect removed entries + */ + ret = dp_opt_set_int(opts->basic, SDAP_CACHE_PURGE_TIMEOUT, + LDAP_ENUM_PURGE_TIMEOUT); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, + "Cannot set cleanup timeout, enumeration wouldn't " + "detect removed entries!\n"); + return ret; + } + } + period = dp_opt_get_int(opts->basic, SDAP_ENUM_REFRESH_TIMEOUT); ectx = talloc(sdom, struct ldap_enum_ctx); |
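Review bot: `#define LDAP_ENUM_PURGE_TIMEOUT 10800` in the first hunk is a bare number with no unit and no rationale. Please add a one-line comment giving the unit (presumably seconds, which would make it three hours) and why this interval was picked for the enumeration case, so the value can be revisited without digging through the ticket.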
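Review bot: In the last hunk, the `if (cleanup == 0)` branch rewrites `SDAP_CACHE_PURGE_TIMEOUT` in `opts->basic` and logs only on failure, so an administrator who has the timeout at 0 and turns on enumeration gets a purge interval of `LDAP_ENUM_PURGE_TIMEOUT` with no trace in the logs. Add a DEBUG message after the successful `dp_opt_set_int()` call that reports the forced value, and describe the override in the option's documentation, since the commit message notes that the cleanup task blocks all other sysdb transactions while it runs. Also note that only equality with 0 is tested: a negative value returned by `dp_opt_get_int()` into `time_t cleanup` passes through unchanged, so either check `cleanup <= 0` or state why that cannot occur.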