514566 – LDAP Back End Domain configuration timeout does not appear to be working

Bug 514566 - LDAP Back End Domain configuration timeout does not appear to be working

Summary: LDAP Back End Domain configuration timeout does not appear to be working

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	sssd
Sub Component:
Version:	11
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Simo Sorce
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2009-07-29 16:52 UTC by Jenny Severance
Modified:	2010-01-12 13:32 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2010-01-12 13:32:53 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Jenny Severance 2009-07-29 16:52:48 UTC

Description of problem:
With an LDAP BE configurated, if the directory server is unavailable on the first search attempt, it times out at five minutes regardless of what the domain timeout configuration value 

[root@jennyF11 jenny]# time getent -s sss passwd

real	5m0.008s
user	0m0.000s
sys	0m0.004s



Version-Release number of selected component (if applicable):
sssd-0.4.1-3.fc11.i586
sssd-debuginfo-0.4.1-3.fc11.i586

How reproducible:
always

Steps to Reproduce:
1. configure new SSSD client for LDAP BE - with timeout = 30
2. stop the targeted directory server or take the server off line
3. from the sssd client  
   time getent -s sss passwd
4. change the timeout in the sssd.conf domain configuration to 10
5. restart sssd
   service sssd restart
6. time getent -s sss passwd
  
Actual results:
command times out after 5 minutes regardless of timeout configuration

Expected results:
timeout after the specified domain timeout configuration and error message that the data provider is unreachable - also should document what the default time out is.

Additional info:

sssd.conf:

[services]
description = Local Service Configuration
activeServices = nss, dp, pam

[services/nss]
description = NSS Responder Configuration
# the following prevents sssd for searching for the root user/group in
# all domains (you can add here a comma separated list of system accounts are
# always going to be /etc/passwd users, or that you want to filter out)
filterGroups = root
filterUsers = root

[services/dp]
description = Data Provider Configuration

[services/pam]
description = PAM Responder Configuration

[services/monitor]
description = Service Monitor Configuration
#if a backend is particularly slow you can raise this timeout here
sbusTimeout = 30

[domains]
description = Domains served by SSSD
domains = LDAP

[domains/LDAP]
description = Proxy request to our LDAP server
enumerate = 3
minId = 1000
maxId = 1010
legacy = FALSE
cache-credentials = FALSE

provider = proxy
libName = ldap
libPath = libnss_ldap.so.2

#if a backend is particularly slow you can raise this timeout here
timeout = 30

Comment 1 Stephen Gallagher 2010-01-12 13:32:53 UTC

Fixed in sssd-1.0.1-1.fc11

Note You need to log in before you can comment on or make changes to this bug.