summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorStephen Gallagher <sgallagh@redhat.com>2010-12-08 15:47:29 -0500
committerStephen Gallagher <sgallagh@redhat.com>2010-12-17 16:16:27 -0500
commit6c4661b78edafbd5b44e0c6319243e6671260bd0 (patch)
tree08ee9b3773deca99e6e3c07bb917abaf6413e510
parent5dca77263340b272bfa51de0fe9729fa4a292306 (diff)
downloadsssd_unused-6c4661b78edafbd5b44e0c6319243e6671260bd0.tar.gz
sssd_unused-6c4661b78edafbd5b44e0c6319243e6671260bd0.tar.xz
sssd_unused-6c4661b78edafbd5b44e0c6319243e6671260bd0.zip
Start first enumeration immediately
Previously, we would wait for ten seconds before starting an enumeration. However, this meant that on the first startup (before we had run our first enumeration) there was a ten-second window where clients would immediately get back a response with no entries instead of blocking until the enumeration completed. With this patch, SSSD will now run an enumeration immediately upon startup. Further startups will retain the ten-second delay so as not to slow down system bootups. https://fedorahosted.org/sssd/ticket/616
-rw-r--r--src/man/sssd.conf.5.xml5
-rw-r--r--src/providers/ldap/ldap_common.c31
-rw-r--r--src/providers/ldap/ldap_id_enum.c14
3 files changed, 47 insertions, 3 deletions
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
index 2bba3805..7392dd09 100644
--- a/src/man/sssd.conf.5.xml
+++ b/src/man/sssd.conf.5.xml
@@ -513,6 +513,11 @@
processing.
</para>
<para>
+ While the first enumeration is running, requests
+ for the complete user or group lists may return
+ no results until it completes.
+ </para>
+ <para>
Further, enabling enumeration may increase the time
necessary to detect network disconnection, as
longer timeouts are required to ensure that
diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c
index 9945b4b1..a38d5cc2 100644
--- a/src/providers/ldap/ldap_common.c
+++ b/src/providers/ldap/ldap_common.c
@@ -415,12 +415,37 @@ int sdap_id_setup_tasks(struct sdap_id_ctx *ctx)
struct timeval tv;
int ret = EOK;
int delay;
+ bool has_enumerated;
/* set up enumeration task */
if (ctx->be->domain->enumerate) {
- /* run the first one in a couple of seconds so that we have time to
- * finish initializations first*/
- tv = tevent_timeval_current_ofs(10, 0);
+ /* If this is the first startup, we need to kick off
+ * an enumeration immediately, to close a window where
+ * clients requesting get*ent information won't get an
+ * immediate reply with no entries
+ */
+ ret = sysdb_has_enumerated(ctx->be->sysdb,
+ ctx->be->domain,
+ &has_enumerated);
+ if (ret != EOK) {
+ return ret;
+ }
+ if (has_enumerated) {
+ /* At least one enumeration has previously run,
+ * so clients will get cached data. We will delay
+ * starting to enumerate by 10s so we don't slow
+ * down the startup process if this is happening
+ * during system boot.
+ */
+ tv = tevent_timeval_current_ofs(10, 0);
+ } else {
+ /* This is our first startup. Schedule the
+ * enumeration to start immediately once we
+ * enter the mainloop.
+ */
+ tv = tevent_timeval_current();
+ }
+
ret = ldap_id_enumerate_set_timer(ctx, tv);
} else {
/* the enumeration task, runs the cleanup process by itself,
diff --git a/src/providers/ldap/ldap_id_enum.c b/src/providers/ldap/ldap_id_enum.c
index f2ac8c6a..8695f355 100644
--- a/src/providers/ldap/ldap_id_enum.c
+++ b/src/providers/ldap/ldap_id_enum.c
@@ -134,12 +134,26 @@ static void ldap_id_enumerate_reschedule(struct tevent_req *req)
uint64_t err;
struct timeval tv;
int delay;
+ errno_t ret;
if (tevent_req_is_error(req, &tstate, &err)) {
/* On error schedule starting from now, not the last run */
tv = tevent_timeval_current();
} else {
tv = ctx->last_enum;
+
+ /* Ok, we've completed an enumeration. Save this to the
+ * sysdb so we can postpone starting up the enumeration
+ * process on the next SSSD service restart (to avoid
+ * slowing down system boot-up
+ */
+ ret = sysdb_set_enumerated(ctx->be->sysdb,
+ ctx->be->domain,
+ true);
+ if (ret != EOK) {
+ DEBUG(1, ("Could not mark domain as having enumerated.\n"));
+ /* This error is non-fatal, so continue */
+ }
}
talloc_zfree(req);