FW: Winbindd timeout on unreacheable domains
Lin Li
linl at xandros.com
Thu Feb 19 14:58:39 GMT 2004
> On Thu, 2004-02-19 at 22:39, ww m-pubsyssamba wrote:
>> Hi Andrew,
>>
>> thanks for your reply, please see my comments below,
>
>
>> ## My test forest has only two DC's so I don't think there's much that can go wrong in such a simple
>> ## environment, (exact timeout is actually consistantly 3mins 50seconds). However I'm going to test
>> ## this in our live environment over the weekend by isolating a DC and samba server from the rest of
>> ## the network so I'll see for real how bad this will be with many trusted domains.
>
> The thing that would benefit me most would probably be a network trace.
> (To me personally would probably be best).
> What I'm trying to pin down is 'what is waiting'. If it is LDAP
> connect() calls, then we might consider using code we already have to
> make the LDAP connection attempt time-out sooner - likewise, there are
> configuration settings in resolv.conf, for how long a DNS query may take
> to timeout.
> Andrew Bartlett
In fact I have logged a bug (#704) for this. It's doing ads_try_connect(). My solution is to use ldap_init() instead of ldap_open() and set a small timeout using ldap_set_option(). Here is my patch (I'm using 3.0.0) and it works in my test.
-------------------------------------
+ struct timeval timeout;
if (!server || !*server) {
return False;
@@ -58,11 +59,15 @@
/* this copes with inet_ntoa brokenness */
srv = strdup(server);
- ads->ld = ldap_open(srv, port);
+ ads->ld = ldap_init(srv, port);
if (!ads->ld) {
free(srv);
return False;
}
+
+ timeout.tv_sec = 15;
+ timeout.tv_usec = 0;
+ ldap_set_option(ads->ld, LDAP_OPT_NETWORK_TIMEOUT, &timeout);
ads->ldap_port = port;
ads->ldap_ip = *interpret_addr2(srv);
free(srv);
-------------------------------------
Thanks,
Lin
--
Xandros Corporation
Simple. Powerful. Linux.
Visit us at http://www.xandros.com
More information about the samba-technical
mailing list