Bug 514566 - LDAP Back End Domain configuration timeout does not appear to be working
LDAP Back End Domain configuration timeout does not appear to be working
Product: Fedora
Classification: Fedora
Component: sssd (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Simo Sorce
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2009-07-29 12:52 EDT by Jenny Galipeau
Modified: 2010-01-12 08:32 EST (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2010-01-12 08:32:53 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Jenny Galipeau 2009-07-29 12:52:48 EDT
Description of problem:
With an LDAP BE configurated, if the directory server is unavailable on the first search attempt, it times out at five minutes regardless of what the domain timeout configuration value 

[root@jennyF11 jenny]# time getent -s sss passwd

real	5m0.008s
user	0m0.000s
sys	0m0.004s

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. configure new SSSD client for LDAP BE - with timeout = 30
2. stop the targeted directory server or take the server off line
3. from the sssd client  
   time getent -s sss passwd
4. change the timeout in the sssd.conf domain configuration to 10
5. restart sssd
   service sssd restart
6. time getent -s sss passwd
Actual results:
command times out after 5 minutes regardless of timeout configuration

Expected results:
timeout after the specified domain timeout configuration and error message that the data provider is unreachable - also should document what the default time out is.

Additional info:


description = Local Service Configuration
activeServices = nss, dp, pam

description = NSS Responder Configuration
# the following prevents sssd for searching for the root user/group in
# all domains (you can add here a comma separated list of system accounts are
# always going to be /etc/passwd users, or that you want to filter out)
filterGroups = root
filterUsers = root

description = Data Provider Configuration

description = PAM Responder Configuration

description = Service Monitor Configuration
#if a backend is particularly slow you can raise this timeout here
sbusTimeout = 30

description = Domains served by SSSD
domains = LDAP

description = Proxy request to our LDAP server
enumerate = 3
minId = 1000
maxId = 1010
legacy = FALSE
cache-credentials = FALSE

provider = proxy
libName = ldap
libPath = libnss_ldap.so.2

#if a backend is particularly slow you can raise this timeout here
timeout = 30
Comment 1 Stephen Gallagher 2010-01-12 08:32:53 EST
Fixed in sssd-1.0.1-1.fc11

Note You need to log in before you can comment on or make changes to this bug.