On Fri, Dec 10, 2010 at 11:14:15AM +0100, Sumit Bose wrote: > On Wed, Dec 08, 2010 at 04:29:43PM -0500, Stephen Gallagher wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > Patch 0001: Add sysdb_has_enumerated and sysdb_set_enumerated helper > > functions > > > > Patch 0002: Start first enumeration immediately > > > > Previously, we would wait for ten seconds before starting an > > enumeration. However, this meant that on the first startup (before > > we had run our first enumeration) there was a ten-second window > > where clients would immediately get back a response with no > > entries instead of blocking until the enumeration completed. > > > > With this patch, SSSD will now run an enumeration immediately upon > > startup. Further startups will retain the ten-second delay so as > > not to slow down system bootups. > > This patch works as expected, but I'm not sure that it fixes original > issue, because there is still a window, although 10s shorter, where the > cache is empty and a 'getent passwd' call will return immediately > without any data. This window can be quite large if the LDAP server is > slow or there are a lot of users and groups to enumerate. > > If there was a 'getent passwd' call during the initial enumeration it > looks that new 'getent passwd' still return nothing until > enum_cache_timeout is over. > > So maybe if we do not want to block the early enumeration request we > should not set the timeout until the cache if filled. >
We discussed this issue on irc and agreed that there will be no direct fix to close this window, but a paragraph in the man page explaining that there might be a small chance that during the first enum_cache_timeout seconds a enumeration request like 'getent passwd' will return no results. bye, Sumit > bye, > Sumit > > > > > Fixes https://fedorahosted.org/sssd/ticket/616 > > > > - -- > > Stephen Gallagher > > RHCE 804006346421761 > > > > Delivering value year after year. > > Red Hat ranks #1 in value among software vendors. > > http://www.redhat.com/promo/vendor/ > > -----BEGIN PGP SIGNATURE----- > > Version: GnuPG v1.4.11 (GNU/Linux) > > Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ > > > > iEYEARECAAYFAkz/+McACgkQeiVVYja6o6MjTgCdHQWbZOOKtcURTbl29PV/YR0u > > j7wAoKAm7stVwQT89xdz3vZyN/w6vMZU > > =xOOZ > > -----END PGP SIGNATURE----- > _______________________________________________ > sssd-devel mailing list > sssd-devel@lists.fedorahosted.org > https://fedorahosted.org/mailman/listinfo/sssd-devel _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel
