Bug 514566

Summary: LDAP Back End Domain configuration timeout does not appear to be working
Product: [Fedora] Fedora Reporter: Jenny Galipeau <jgalipea>
Component: sssdAssignee: Simo Sorce <ssorce>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: 11CC: jhrozek, sbose, sgallagh, ssorce
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-01-12 08:32:53 EST Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Description Jenny Galipeau 2009-07-29 12:52:48 EDT
Description of problem:
With an LDAP BE configurated, if the directory server is unavailable on the first search attempt, it times out at five minutes regardless of what the domain timeout configuration value 

[root@jennyF11 jenny]# time getent -s sss passwd

real	5m0.008s
user	0m0.000s
sys	0m0.004s

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. configure new SSSD client for LDAP BE - with timeout = 30
2. stop the targeted directory server or take the server off line
3. from the sssd client  
   time getent -s sss passwd
4. change the timeout in the sssd.conf domain configuration to 10
5. restart sssd
   service sssd restart
6. time getent -s sss passwd
Actual results:
command times out after 5 minutes regardless of timeout configuration

Expected results:
timeout after the specified domain timeout configuration and error message that the data provider is unreachable - also should document what the default time out is.

Additional info:


description = Local Service Configuration
activeServices = nss, dp, pam

description = NSS Responder Configuration
# the following prevents sssd for searching for the root user/group in
# all domains (you can add here a comma separated list of system accounts are
# always going to be /etc/passwd users, or that you want to filter out)
filterGroups = root
filterUsers = root

description = Data Provider Configuration

description = PAM Responder Configuration

description = Service Monitor Configuration
#if a backend is particularly slow you can raise this timeout here
sbusTimeout = 30

description = Domains served by SSSD
domains = LDAP

description = Proxy request to our LDAP server
enumerate = 3
minId = 1000
maxId = 1010
legacy = FALSE
cache-credentials = FALSE

provider = proxy
libName = ldap
libPath = libnss_ldap.so.2

#if a backend is particularly slow you can raise this timeout here
timeout = 30
Comment 1 Stephen Gallagher 2010-01-12 08:32:53 EST
Fixed in sssd-1.0.1-1.fc11