summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorStephen Gallagher <sgallagh@redhat.com>2010-12-08 15:47:29 -0500
committerStephen Gallagher <sgallagh@redhat.com>2010-12-17 16:16:27 -0500
commit6c4661b78edafbd5b44e0c6319243e6671260bd0 (patch)
tree08ee9b3773deca99e6e3c07bb917abaf6413e510 /src
parent5dca77263340b272bfa51de0fe9729fa4a292306 (diff)
downloadsssd-6c4661b78edafbd5b44e0c6319243e6671260bd0.tar.gz
sssd-6c4661b78edafbd5b44e0c6319243e6671260bd0.tar.xz
sssd-6c4661b78edafbd5b44e0c6319243e6671260bd0.zip
Start first enumeration immediately
Previously, we would wait for ten seconds before starting an enumeration. However, this meant that on the first startup (before we had run our first enumeration) there was a ten-second window where clients would immediately get back a response with no entries instead of blocking until the enumeration completed. With this patch, SSSD will now run an enumeration immediately upon startup. Further startups will retain the ten-second delay so as not to slow down system bootups. https://fedorahosted.org/sssd/ticket/616
Diffstat (limited to 'src')
-rw-r--r--src/man/sssd.conf.5.xml5
-rw-r--r--src/providers/ldap/ldap_common.c31
-rw-r--r--src/providers/ldap/ldap_id_enum.c14
3 files changed, 47 insertions, 3 deletions
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
index 2bba38050..7392dd093 100644
--- a/src/man/sssd.conf.5.xml
+++ b/src/man/sssd.conf.5.xml
@@ -513,6 +513,11 @@
processing.
</para>
<para>
+ While the first enumeration is running, requests
+ for the complete user or group lists may return
+ no results until it completes.
+ </para>
+ <para>
Further, enabling enumeration may increase the time
necessary to detect network disconnection, as
longer timeouts are required to ensure that
diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c
index 9945b4b13..a38d5cc20 100644
--- a/src/providers/ldap/ldap_common.c
+++ b/src/providers/ldap/ldap_common.c
@@ -415,12 +415,37 @@ int sdap_id_setup_tasks(struct sdap_id_ctx *ctx)
struct timeval tv;
int ret = EOK;
int delay;
+ bool has_enumerated;
/* set up enumeration task */
if (ctx->be->domain->enumerate) {
- /* run the first one in a couple of seconds so that we have time to
- * finish initializations first*/
- tv = tevent_timeval_current_ofs(10, 0);
+ /* If this is the first startup, we need to kick off
+ * an enumeration immediately, to close a window where
+ * clients requesting get*ent information won't get an
+ * immediate reply with no entries
+ */
+ ret = sysdb_has_enumerated(ctx->be->sysdb,
+ ctx->be->domain,
+ &has_enumerated);
+ if (ret != EOK) {
+ return ret;
+ }
+ if (has_enumerated) {
+ /* At least one enumeration has previously run,
+ * so clients will get cached data. We will delay
+ * starting to enumerate by 10s so we don't slow
+ * down the startup process if this is happening
+ * during system boot.
+ */
+ tv = tevent_timeval_current_ofs(10, 0);
+ } else {
+ /* This is our first startup. Schedule the
+ * enumeration to start immediately once we
+ * enter the mainloop.
+ */
+ tv = tevent_timeval_current();
+ }
+
ret = ldap_id_enumerate_set_timer(ctx, tv);
} else {
/* the enumeration task, runs the cleanup process by itself,
diff --git a/src/providers/ldap/ldap_id_enum.c b/src/providers/ldap/ldap_id_enum.c
index f2ac8c6a9..8695f3550 100644
--- a/src/providers/ldap/ldap_id_enum.c
+++ b/src/providers/ldap/ldap_id_enum.c
@@ -134,12 +134,26 @@ static void ldap_id_enumerate_reschedule(struct tevent_req *req)
uint64_t err;
struct timeval tv;
int delay;
+ errno_t ret;
if (tevent_req_is_error(req, &tstate, &err)) {
/* On error schedule starting from now, not the last run */
tv = tevent_timeval_current();
} else {
tv = ctx->last_enum;
+
+ /* Ok, we've completed an enumeration. Save this to the
+ * sysdb so we can postpone starting up the enumeration
+ * process on the next SSSD service restart (to avoid
+ * slowing down system boot-up
+ */
+ ret = sysdb_set_enumerated(ctx->be->sysdb,
+ ctx->be->domain,
+ true);
+ if (ret != EOK) {
+ DEBUG(1, ("Could not mark domain as having enumerated.\n"));
+ /* This error is non-fatal, so continue */
+ }
}
talloc_zfree(req);