> This patch makes several changes, making the code more manageable by > reducing the places we need to look for cache values, as well as > improving the granularity of our cache settings. > > 1) Add four new options: entry_cache_user_timeout, > entry_cache_group_timeout, entry_cache_netgroup_timeout and > entry_cache_service_timeout. If they are unspecified, they will be > populated internally with the value of entry_cache_timeout (or its > default in turn of 5400). > > 2) These new cache values are stored as members of the sss_domain_info > structure, which we have available pretty much everywhere in the > providers. > > 3) It removes 'entry_cache_timeout' from the dp_opt lists for both the > LDAP and IPA identity providers, in preference to the sss_domain_info > structure. > > 4) The proxy provider no longer reads the entry_cache_timeout into its > own proxy_id_ctx either, in preference to the sss_domain_info structure. > > > There are also two minor additional fixes I included while adding these > features. There were two places in the code where we were incorrectly > using the entry_cache_timeout as the timeout value of an LDAP operation. > Thus, it was possible to be stuck waiting 90 minutes (by default) for an > LDAP server to reply. (This was only possible during nested group > processing on FreeIPA servers, I believe).
Nack, please rebase the patch on top of current master. Where possible, don't give the sss_domain_info as an argument, it's part of the sysdb_ctx and can be retrieved by sysdb_ctx_get_domain(). Other than that the patch looks fine, I haven't done any testing due to inability to apply the patch. Thanks Jan
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ sssd-devel mailing list [email protected] https://fedorahosted.org/mailman/listinfo/sssd-devel
