On Fri, 04 Mar 2016, Jakub Hrozek wrote:
On Fri, Mar 04, 2016 at 11:10:47AM +0200, Alexander Bokovoy wrote:
On the other hand, if no users are going to use the configuration, it
should not hurt anymore to have it enabled. With current slapi-nis state
there should be no problems anymore.

I admit I haven't been following the slapi-nis patches closely. Are you
saying that if no sssd clients are using the slapi-nis tree (remember we
used the tree mostly for sudo rules lately) the users wouldn't see
issues that they were seeing previously (IIRC it had to do with locking
because every auth, so also every bind was a write operation) ?

Or were these issues fixed in slapi-nis so even using the compat tree
for sudo rules would not be problematic anymore?
These issues were because slapi-nis has a single lock that was taken for
long time when processing reads due to clients not reading out the data
and thus mingling with write operations. The change we did in slapi-nis
0.55 is by allowing reads to operate on a private copy of that data,
thus dropping locks way before results are sent out -- now if a client
refuses to read the data, nothing holds the lock to internal slapi-nis
structure anymore.
/ Alexander Bokovoy

Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to