From 29993ce4fbdf08f28077f4b6824c8b6b8d616cb8 Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Wed, 12 Jan 2011 11:32:42 +0100
Subject: Add ldap_search_enumeration_timeout config option
---
 src/config/SSSDConfig.py | 1 +
 src/config/etc/sssd.api.d/sssd-ldap.conf | 1 +
 src/man/sssd-ldap.5.xml | 28 +++++++++++++++++++++++-----
 src/providers/ipa/ipa_access.c | 6 +++---
 src/providers/ipa/ipa_common.c | 5 +++--
 src/providers/ipa/ipa_common.h | 2 +-
 src/providers/ldap/ldap_common.c | 5 +++--
 src/providers/ldap/ldap_id_enum.c | 4 ++--
 src/providers/ldap/sdap.h | 1 +
 9 files changed, 38 insertions(+), 15 deletions(-)
diff --git a/src/config/SSSDConfig.py b/src/config/SSSDConfig.py
index d23641c9d..b3861a553 100644
--- a/src/config/SSSDConfig.py
+++ b/src/config/SSSDConfig.py
@@ -140,6 +140,7 @@ option_strings = {
 # [provider/ldap/id]
 'ldap_search_timeout' : _('Length of time to wait for a search request'),
+ 'ldap_enumeration_search_timeout' : _('Length of time to wait for a enumeration request'),
 'ldap_enumeration_refresh_timeout' : _('Length of time between enumeration updates'),
 'ldap_purge_cache_timeout' : _('Length of time between cache cleanups'),
 'ldap_id_use_start_tls' : _('Require TLS for ID lookups'),
diff --git a/src/config/etc/sssd.api.d/sssd-ldap.conf b/src/config/etc/sssd.api.d/sssd-ldap.conf
index c2179f2da..8aaecd5db 100644
--- a/src/config/etc/sssd.api.d/sssd-ldap.conf
+++ b/src/config/etc/sssd.api.d/sssd-ldap.conf
@@ -27,6 +27,7 @@ ldap_deref = str, None, false
 [provider/ldap/id]
 ldap_search_timeout = int, None, false
+ldap_enumeration_search_timeout = int, None, false
 ldap_enumeration_refresh_timeout = int, None, false
 ldap_purge_cache_timeout = int, None, false
 ldap_id_use_start_tls = bool, None, true, false
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml
index 7a7334622..175ec3568 100644
--- a/src/man/sssd-ldap.5.xml
+++ b/src/man/sssd-ldap.5.xml
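Review bot: The description added to `option_strings` for `ldap_enumeration_search_timeout` reads "a enumeration request"; the string is wrapped in `_()`, so the typo would be carried into every translation catalogue. It should be `_('Length of time to wait for an enumeration request')`. The commit subject also spells the option `ldap_search_enumeration_timeout`, while every file in the patch uses `ldap_enumeration_search_timeout`, which will mislead anyone searching the history for the option name.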
@@ -718,14 +718,32 @@ ldap_search_timeout (integer)
- Specifies the timeout (in seconds) that ldap searches
+ Specifies the timeout (in seconds) that ldap
+ searches are allowed to run before they are
+ cancelled and cached results are returned (and
+ offline mode is entered)
+
+
+ Note: this option is subject to change in future
+ versions of the SSSD. It will likely be replaced at
+ some point by a series of timeouts for specific
+ lookup types.
+
+
+ Default: 6
+
+
+
+
+
+ ldap_enumeration_search_timeout (integer)
+
+
+ Specifies the timeout (in seconds) that ldap
+ searches for user and group enumerations
 are allowed to run before they are cancelled and cached results are returned (and offline mode is entered)
-
- Note: this option is subject to change in future versions
- of the SSSD. It will likely be replaced at some point by
- a series of timeouts for specific lookup types.
 Default: 60
diff --git a/src/providers/ipa/ipa_access.c b/src/providers/ipa/ipa_access.c
index 61caef10e..feddc87dd 100644
--- a/src/providers/ipa/ipa_access.c
+++ b/src/providers/ipa/ipa_access.c
@@ -545,7 +545,7 @@ struct tevent_req *hbac_get_service_data_send(TALLOC_CTX *memctx,
 NULL, 0, dp_opt_get_int( hbac_ctx_sdap_id_ctx(state->hbac_ctx)->opts->basic,
- SDAP_SEARCH_TIMEOUT));
+ SDAP_ENUM_SEARCH_TIMEOUT));
 if (subreq == NULL) {
 DEBUG(1, ("sdap_get_generic_send failed.\n"));
@@ -842,7 +842,7 @@ static struct tevent_req *hbac_get_host_info_send(TALLOC_CTX *memctx,
 NULL, 0, dp_opt_get_int( hbac_ctx_sdap_id_ctx(state->hbac_ctx)->opts->basic,
- SDAP_SEARCH_TIMEOUT));
+ SDAP_ENUM_SEARCH_TIMEOUT));
 if (subreq == NULL) {
 DEBUG(1, ("sdap_get_generic_send failed.\n"));
@@ -1163,7 +1163,7 @@ static struct tevent_req *hbac_get_rules_send(TALLOC_CTX *memctx,
 NULL, 0, dp_opt_get_int( hbac_ctx_sdap_id_ctx(state->hbac_ctx)->opts->basic,
- SDAP_SEARCH_TIMEOUT));
+ SDAP_ENUM_SEARCH_TIMEOUT));
 if (subreq == NULL) {
 DEBUG(1, ("sdap_get_generic_send failed.\n"));
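Review bot: The three HBAC senders in ipa_access.c (hbac_get_service_data_send in the first hunk, hbac_get_host_info_send and hbac_get_rules_send in the two that follow) now read `SDAP_ENUM_SEARCH_TIMEOUT`, but the man page text added in this commit describes `ldap_enumeration_search_timeout` as covering only "user and group enumerations". These searches feed access-control decisions, so tuning the enumeration timeout now also changes how long an HBAC lookup may wait before, per the man page wording, cached results are returned and offline mode is entered, while `ldap_search_timeout` no longer affects them. Either say so in sssd-ldap.5.xml or add a comment at each call such as `/* HBAC fetches whole rule/host/service sets; use the enumeration timeout */`. That rationale is my inference from the change; all three function bodies start and end outside their hunks.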
diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c
index a42cc3b4d..4c96babc1 100644
--- a/src/providers/ipa/ipa_common.c
+++ b/src/providers/ipa/ipa_common.c
@@ -43,7 +43,7 @@ struct dp_option ipa_def_ldap_opts[] = {
 { "ldap_default_bind_dn", DP_OPT_STRING, NULL_STRING, NULL_STRING },
 { "ldap_default_authtok_type", DP_OPT_STRING, NULL_STRING, NULL_STRING},
 { "ldap_default_authtok", DP_OPT_BLOB, NULL_BLOB, NULL_BLOB },
- { "ldap_search_timeout", DP_OPT_NUMBER, { .number = 60 }, NULL_NUMBER },
+ { "ldap_search_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER },
 { "ldap_network_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER },
 { "ldap_opt_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER },
 { "ldap_tls_reqcert", DP_OPT_STRING, { "hard" }, NULL_STRING },
@@ -81,7 +81,8 @@ struct dp_option ipa_def_ldap_opts[] = {
 { "ldap_account_expire_policy", DP_OPT_STRING, NULL_STRING, NULL_STRING },
 { "ldap_access_order", DP_OPT_STRING, NULL_STRING, NULL_STRING },
 { "ldap_chpass_uri", DP_OPT_STRING, NULL_STRING, NULL_STRING },
- { "ldap_chpass_dns_service_name", DP_OPT_STRING, NULL_STRING, NULL_STRING }
+ { "ldap_chpass_dns_service_name", DP_OPT_STRING, NULL_STRING, NULL_STRING },
+ { "ldap_enumeration_search_timeout", DP_OPT_NUMBER, { .number = 60 }, NULL_NUMBER }
 };
 struct sdap_attr_map ipa_attr_map[] = {
diff --git a/src/providers/ipa/ipa_common.h b/src/providers/ipa/ipa_common.h
index 4d79c03c5..49618f019 100644
--- a/src/providers/ipa/ipa_common.h
+++ b/src/providers/ipa/ipa_common.h
@@ -35,7 +35,7 @@ struct ipa_service {
 /* the following defines are used to keep track of the options in the ldap
 * module, so that if they change and ipa is not updated correspondingly
 * this will trigger a runtime abort error */
-#define IPA_OPTS_BASIC_TEST 43
+#define IPA_OPTS_BASIC_TEST 44
 /* the following define is used to keep track of the options in the krb5
 * module, so that if they change and ipa is not updated correspondingly
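Review bot: The first hunk of `ipa_def_ldap_opts` lowers the default of the existing `ldap_search_timeout` from 60 to 6 seconds, and `default_basic_opts` in ldap_common.c gets the same edit, yet the commit subject only announces a new option. Installations that never set `ldap_search_timeout` get a ten-times shorter limit on upgrade, and per the man page a search that times out returns cached results and puts the provider into offline mode. I would state the default change in the commit message and leave a comment on both entries, e.g. `/* was 60 until enumerations got ldap_enumeration_search_timeout */`. The start of both tables lies outside the hunks.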
diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c
index c98dd4ff3..6daf2c9f5 100644
--- a/src/providers/ldap/ldap_common.c
+++ b/src/providers/ldap/ldap_common.c
@@ -39,7 +39,7 @@ struct dp_option default_basic_opts[] = {
 { "ldap_default_bind_dn", DP_OPT_STRING, NULL_STRING, NULL_STRING },
 { "ldap_default_authtok_type", DP_OPT_STRING, NULL_STRING, NULL_STRING},
 { "ldap_default_authtok", DP_OPT_BLOB, NULL_BLOB, NULL_BLOB },
- { "ldap_search_timeout", DP_OPT_NUMBER, { .number = 60 }, NULL_NUMBER },
+ { "ldap_search_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER },
 { "ldap_network_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER },
 { "ldap_opt_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER },
 { "ldap_tls_reqcert", DP_OPT_STRING, { "hard" }, NULL_STRING },
@@ -77,7 +77,8 @@ struct dp_option default_basic_opts[] = {
 { "ldap_account_expire_policy", DP_OPT_STRING, NULL_STRING, NULL_STRING },
 { "ldap_access_order", DP_OPT_STRING, { "filter" }, NULL_STRING },
 { "ldap_chpass_uri", DP_OPT_STRING, NULL_STRING, NULL_STRING },
- { "ldap_chpass_dns_service_name", DP_OPT_STRING, NULL_STRING, NULL_STRING }
+ { "ldap_chpass_dns_service_name", DP_OPT_STRING, NULL_STRING, NULL_STRING },
+ { "ldap_enumeration_search_timeout", DP_OPT_NUMBER, { .number = 60 }, NULL_NUMBER }
 };
 struct sdap_attr_map generic_attr_map[] = {
diff --git a/src/providers/ldap/ldap_id_enum.c b/src/providers/ldap/ldap_id_enum.c
index 3335f70d0..f47ee9fbe 100644
--- a/src/providers/ldap/ldap_id_enum.c
+++ b/src/providers/ldap/ldap_id_enum.c
@@ -473,7 +473,7 @@ static struct tevent_req *enum_users_send(TALLOC_CTX *memctx,
 sdap_id_op_handle(state->op), state->attrs, state->filter, dp_opt_get_int(state->ctx->opts->basic,
- SDAP_SEARCH_TIMEOUT));
+ SDAP_ENUM_SEARCH_TIMEOUT));
 if (!subreq) {
 ret = ENOMEM;
 goto fail;
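Review bot: In enum_users_send (and in enum_groups_send in the following hunk) the result of `dp_opt_get_int(state->ctx->opts->basic, SDAP_ENUM_SEARCH_TIMEOUT)` is handed straight to the search request, with no range check visible in the hunk. sssd-ldap.conf declares the option as a plain `int` and the new man page entry does not say what 0 or a negative value means, so this commit does not show whether a misconfiguration disables the timeout or makes every enumeration fail. If the callee does not already reject such values, state the accepted range in the man page, or add a comment here pointing to where the value is validated. Both function bodies start and end outside their hunks.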
@@ -577,7 +577,7 @@ static struct tevent_req *enum_groups_send(TALLOC_CTX *memctx,
 state->ctx->opts, sdap_id_op_handle(state->op), state->attrs, state->filter, dp_opt_get_int(state->ctx->opts->basic,
- SDAP_SEARCH_TIMEOUT));
+ SDAP_ENUM_SEARCH_TIMEOUT));
 if (!subreq) {
 ret = ENOMEM;
 goto fail;
diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h
index 57865fe09..9ef9b70c7 100644
--- a/src/providers/ldap/sdap.h
+++ b/src/providers/ldap/sdap.h
@@ -191,6 +191,7 @@ enum sdap_basic_opt {
 SDAP_ACCESS_ORDER,
 SDAP_CHPASS_URI,
 SDAP_CHPASS_DNS_SERVICE_NAME,
+ SDAP_ENUM_SEARCH_TIMEOUT,
 SDAP_OPTS_BASIC /* opts counter */
 };
-- cgit