timeout in LDAP access

Corinna Vinschen corinna-cygwin@cygwin.com
Mon Jul 7 11:07:00 GMT 2014

On Jul  3 22:56, Denis Excoffier wrote:
> On 2014-06-25 23:13 Corinna Vinschen wrote:
> > 
> > You asked for errors being propagated up the chain to the
> > getpwent/getgrent calls and that's exactly what happens now.  There are
> > a lot of LDAP error codes.  How is Cygwin supposed to handle every one
> > of them?  Do we need a list of ignorable and non-ignorable error codes?
> I don’t know. IMHO:
> - a server which is down can be ignored (unless explicitly requested)
> - a timeout, when some output has already been received, must be reported
> - all servers should be treated independently since they are independent
> For the time being, I have added LDAP_SERVER_DOWN in map_ldaperr_to_errno
> at the same place as LDAP_SUCCESS.

I'm wondering if that's the right thing to do.  It feels wrong to
convert a valid error to LDAP_SUCCESS.

Taking a step back, the only reason to ignore such an error would be if
trying to connect to a domain fails.  If this error occurs somewhere in
the middle, during enumerating a domain, it's a legit error.

I changed pg_ent::enumerate_ad accordingly.

> >> More than that, I added system_printf("starting open in domain %W", domain)
> >> immediately at the beginning of cyg_ldap::open, and run ‘getent passwd’ now during
> >> one minute (wait 60s, then Control-C). I got 1080 ‘starting open in domain (null)’
> >> messages on stderr and 1016 normal passwd entries on stdout. The discrepancy
> >> 1016 vs 1080 is ok because stdout was not properly flushed out.
> > 
> > 60 seconds for 1016 user entries?  That sounds incredibly slow.
> I’m pretty sure that this is due to the non-buffering
> of stderr. In fact, system_printf() is incredibly slow ;-)

Oh, right.  I didn't realize the 60 secs are the time it takes while
stracing.  No worries here.

> > The open function is called for every account, but that doesn't mean it
> > really needs opening.  That's what the early return is for.  The code
> > starts like this:
> >  [...]
> > Did you add the system_printf before the "/* Already open? */" comment,
> > by any chance?
> You’re right. It was before. Now I have it after and there is only one
> such message for the primary domain.
> However, for the non-primary domains the result is the same: I get as
> many cyg_ldap::open()s as accounts. Even more strange, for all these open’s
> (except the first one) the domain variable is printed as (null). Perhaps
> something uncontrolled within pg_ent::enumerate_ad()? Simple suggestion, I
> was not able to understand the logic there.

I can't reproduce this.

For enumerating a non-primary domain, I get exactly two calls to
cyg_ldap::open which actually do a connect.  The first call opens the
domain for enumeration.  The second call opens the primary domain (NULL)
to fetch the POSIX offset value for the foreign domain (see my document
explaining the POSIX offset stuff), unless the application or one of
its parent processes already fetched the POSIX offset for this domain.

I don't observe any further calls to connect in this scenario.


Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
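
The policy discussed in this message (LDAP_SERVER_DOWN is ignorable only when the connect to a domain fails, and is a real error once enumeration of that domain has started), sketched as an added example that is not part of the original message and is not Cygwin's code. The helper names, the phase enum, the errno choices and the sample domains are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>

/* Result codes with their winldap.h values, redefined so this builds anywhere. */
enum { LDAP_SUCCESS = 0x00, LDAP_SERVER_DOWN = 0x51, LDAP_TIMEOUT = 0x55 };
/* Hypothetical: the phase in which an LDAP call returned its result. */
enum phase { PHASE_CONNECT, PHASE_ENUMERATE };
/* Constructed stand-in for a domain: the connect result, then the result of
   each "fetch next entry" call, terminated by -1. */
struct domain { const char *name; int connect_rc; int fetch_rc[4]; };

/* Hypothetical policy: 0 means "carry on", anything else is an errno to
   report.  The errno values chosen here are assumptions. */
static int classify_ldap_rc(enum phase ph, int rc)
{
  if (rc == LDAP_SUCCESS || (ph == PHASE_CONNECT && rc == LDAP_SERVER_DOWN))
    return 0;                  /* success, or an unreachable domain to skip */
  return rc == LDAP_TIMEOUT ? ETIMEDOUT : EIO;
}

/* Walk every domain, counting entries; stop at the first reported error. */
int enumerate_all(const struct domain *d, int n, int *entries)
{
  *entries = 0;
  for (int i = 0; i < n; i++) {
    int err = classify_ldap_rc(PHASE_CONNECT, d[i].connect_rc);
    if (err)
      return err;
    if (d[i].connect_rc != LDAP_SUCCESS)
      continue;                /* skipped; other domains are still enumerated */
    for (int j = 0; d[i].fetch_rc[j] != -1; j++) {
      if ((err = classify_ldap_rc(PHASE_ENUMERATE, d[i].fetch_rc[j])))
        return err;            /* failure after output started: report it */
      ++*entries;
    }
  }
  return 0;
}

/* Constructed sample data: one server down at connect, one down mid-way. */
static const struct domain sample_skip[] = {
  { "PRIMARY", LDAP_SUCCESS, { 0, 0, -1 } },
  { "OFFLINE", LDAP_SERVER_DOWN, { -1 } }, { "OTHER", LDAP_SUCCESS, { 0, -1 } } };
static const struct domain sample_mid[] = {
  { "PRIMARY", LDAP_SUCCESS, { 0, LDAP_SERVER_DOWN, -1 } } };

int main(void)
{
  int n, m, e1 = enumerate_all(sample_skip, 3, &n), e2 = enumerate_all(sample_mid, 1, &m);
  printf("down at connect: err=%d entries=%d\nmid-enumeration: err=%d entries=%d\n", e1, n, e2, m);
  return 0;
}
```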