This is the mail archive of the
cygwin
mailing list for the Cygwin project.
Re: timeout in LDAP access
- From: Denis Excoffier <Denis dot Excoffier at free dot fr>
- To: cygwin at cygwin dot com
- Date: Thu, 3 Jul 2014 22:56:56 +0200
- Subject: Re: timeout in LDAP access
- Authentication-results: sourceware.org; auth=none
- References: <20140617100011 dot GL23700 at calimero dot vinschen dot de> <C462E4F3-1E51-46DC-BD27-BC4786A5E8BB at Denis-Excoffier dot org> <20140618083304 dot GV23700 at calimero dot vinschen dot de> <20140618180102 dot GA27055 at calimero dot vinschen dot de> <FEEBC1A4-B147-45C1-A5AC-F5B9108E998F at Denis-Excoffier dot org> <20140623090959 dot GA1803 at calimero dot vinschen dot de> <C2FB35D9-AE47-4461-8A94-20605D5EB996 at Denis-Excoffier dot org> <20140624155851 dot GJ1803 at calimero dot vinschen dot de> <20140625101526 dot GO1803 at calimero dot vinschen dot de> <E760D646-FFCB-434C-B990-7783DC011326 at Denis-Excoffier dot org> <20140625211355 dot GA25116 at calimero dot vinschen dot de>
On 2014-06-25 23:13 Corinna Vinschen wrote:
>
> You asked for errors being propagated up the chain to the
> getpwent/getgrent calls and that's exactly what happens now. There are
> a lot of LDAP error codes. How is Cygwin supposed to handle every one
> of them? Do we need a list of ignorable and non-ignorable error codes?
I don’t know. IMHO:
- a server which is down can be ignored (unless explicitly requested)
- a timeout, when some output has already been received, must be reported
- all servers should be treated independently since they are independent
For the time being, i have added LDAP_SERVER_DOWN in map_ldaperr_to_errno
at the same place as LDAP_SUCCESS.
>
>> Also, there was a large delay (more than 2 min, say at least 8 minutes) between
>> the end of output and the end of getent. I got one single system_printf
>> message (see above).
>
> I can't observe this. It needs debugging in your environment so I know
> which part of the source is responsible for this delay under what
> circumstances.
I forgot to test it again. I’ll do it soon.
>
>> More than that, i added system_printf("starting open in domain %W", domain)
>> immediately at the beginning of cyg_ldap::open, and run ‘getent passwd’ now during
>> one minute (wait 60s, then Control-C). I got 1080 ‘starting open in domain (null)’
>> messages on stderr and 1016 normal passwd entries on stdout. The discrepancy
>> 1016 vs 1080 is ok because stdout was not properly flushed out.
>
> 60 seconds for 1016 user entries? That sounds incredibly slow.
I’m pretty sure that this is due to the non-buffering
of stderr. In fact, system_printf() is incredibly slow ;-)
>> - there are as many open() calls as passwd entries in the output?
>
> The open function is called for every account, but that doesn't mean it
> really needs opening. That's what the early return is for. The code
> starts like this:
>
> [...]
>
> Did you add the system_printf before the "/* Already open? */" comment,
> by any chance?
You’re right. It was before. Now i have it after and there is only one
such message for the primary domain.
However, for the non-primary domains the result is the same: i get as
many cyg_ldap::open()s as accounts. Even more strange, for all these open’s
(except the first one) the domain variable is printed as (null). Perhaps
something uncontrolled within pg_ent::enumerate_ad()? Simple suggestion, i
was not able to understand the logic there.
>
> Corinna
Denis.
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple