[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Changing timeouts from a slapd module

To: Michael Ströder <michael@stroeder.com>
Subject: Re: Changing timeouts from a slapd module
From: dee heffem <dheffem@gmail.com>
Date: Wed, 22 May 2019 08:28:59 -0500
Cc: OpenLDAP Technical <openldap-technical@openldap.org>
Content-language: en-US
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=eJ5WqoUeTo2Skbiz+tCfdKWlBALT+mVShgAuJbN4MsU=; b=M6nKYzZSGgmxS65nsVcFpizUqdetrP344r4aphALnoNXJFBJngs8X4Pfb1SUQF2K2g RTzoeP/PhEMvNEUcCDtga4SWrFlOopdmlkDVov+u6NvLPxjuSy2WW8EMaWepdDrO0KZQ 0yeTvvA5qPf1Y5ogYBFTl6SFZYWibRhc5vrlpIiY1hHC0kMoC3yghRXjnXhmcGPPgf1P BDWvuFtMwbMiGAexmZgSWzal+EF/Qfq5LojknirmIVOfp12j4MurO3vbZdSRZ8Tzp2ea My8+DDafXpw2ndZsoWGwh8YQsF/euf32uy5oU7TFCNN7amcn6pV0Fnlz9EvPrteaBpkd Zmbw==
In-reply-to: <d2428f7b-d338-e2b7-5925-95309d319ddc@stroeder.com>
References: <CAM-t1EaWZ1mmzbtyV-XRxtmyk=6kRbsdYzC7WFLBZv5=F7XBhQ@mail.gmail.com> <87ef51x91g.fsf@pink.fritz.box> <3F66A84DB9D8E99EF5A5825C@192.168.1.39> <CAM-t1EbApGTcNpd6bHSFQEU91OQFDYO0J2UzDSX7RnyMGDPUQg@mail.gmail.com> <87k1esyscr.fsf@pink.fritz.box> <CAM-t1Eak3b+3jB2NTagSVc-JPvW0exqJRZFhkmQ++49AEZ5Q6A@mail.gmail.com> <2B13C8F70A0C725107F0641B@192.168.1.39> <CAM-t1EZYcqYCiNdphAQ23kaMP_wgsyjt0SF=cuwWmaj4SMqjwA@mail.gmail.com> <01A83D0402E9486565385086@[192.168.1.39]> <bc09ac9b-4d64-e445-eda3-1a95cd30871c@gmail.com> <d2428f7b-d338-e2b7-5925-95309d319ddc@stroeder.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1


On 5/21/19 4:31 PM, Michael Ströder wrote:
> On 5/21/19 4:12 PM, dee heffem wrote:
<snip>>> 60 seconds would be more user friendly but after some
experimentation
>> with ldap_set_option() I've not been able to affect the connection
>> timeout -- if that's what it is.

It seems after reloading my OpenLDAP test server this morning, the
ldap_set_option() timeout adjustment has indeed changed. I had merely
restarted slapd yesterday and for whatever reason the timeout
was unaffected.

> Is your overlay processing a single bind operation?
> 
> AFAIK the slapd worker thread is blocked for the whole processing time
> of a single bind operation. Thus I have some doubts that you want to
> implement an auth mechanism with such asynchronous characteristics in an
> overlay.
Yes. Also, I now see what you mean. Testing simultaneous auth sessions
was the next TODO after increasing the timeout. Alas, as you mention,
when two users attempt a bind (ldapsearch -D for instance) User #2 does
not get a push request until User #1 has finished auth. Blasted thing.

Can lutil_passwd_add() be told to run in another thread or something?
Perhaps this is just digging a hole deeper however.

Thanks

Follow-Ups:
- Re: Changing timeouts from a slapd module
  - From: Michael Ströder <michael@stroeder.com>

References:
- accesslog database: overflow or data rotation?
  - From: Manuela Mandache <manuela.mandache.mm@gmail.com>
- Re: accesslog database: overflow or data rotation?
  - From: "Dieter Kluenter" <dieter@dkluenter.de>
- Re: accesslog database: overflow or data rotation?
  - From: Manuela Mandache <manuela.mandache.mm@gmail.com>
- Re: accesslog database: overflow or data rotation?
  - From: "Dieter Kluenter" <dieter@dkluenter.de>
- Re: accesslog database: overflow or data rotation?
  - From: Manuela Mandache <manuela.mandache.mm@gmail.com>
- Re: accesslog database: overflow or data rotation?
  - From: Manuela Mandache <manuela.mandache.mm@gmail.com>
- Re: accesslog database: overflow or data rotation?
  - From: Quanah Gibson-Mount <quanah@symas.com>
- Changing timeouts from a slapd module
  - From: dee heffem <dheffem@gmail.com>
- Re: Changing timeouts from a slapd module
  - From: Michael Ströder <michael@stroeder.com>

Prev by Date: Antw: Re: Help need with replication
Next by Date: Re: Changing timeouts from a slapd module
Index(es):
- Chronological
- Thread