On 5/22/19 3:28 PM, dee heffem wrote: > On 5/21/19 4:31 PM, Michael Ströder wrote: >> Is your overlay processing a single bind operation? >> >> AFAIK the slapd worker thread is blocked for the whole processing time >> of a single bind operation. Thus I have some doubts that you want to >> implement an auth mechanism with such asynchronous characteristics in an >> overlay. > > Yes. Also, I now see what you mean. Testing simultaneous auth sessions > was the next TODO after increasing the timeout. Alas, as you mention, > when two users attempt a bind (ldapsearch -D for instance) User #2 does > not get a push request until User #1 has finished auth. Blasted thing.
I would not expect the 2nd request to block. I would expect the n+1 bind operation to block with n being the value configured with slapd.conf directive 'threads'. > Can lutil_passwd_add() be told to run in another thread or something? > Perhaps this is just digging a hole deeper however. Each request is processed by a slapd worker-thread. But this means that when setting threads n in your slapd.conf only max. n bind operations can wait for push message. The next one will block BTW: Not sure about the capabilities of the 2FA service you're using. Such a service might serialize all your calls or have some other type of rate-limiting in place. Ciao, Michael.
