enhance error handling of winbind

Andrew Bartlett abartlet at samba.org
Sat May 8 00:07:50 GMT 2004


On Sat, 2004-05-08 at 00:34, kawasa_r at itg.hitachi.co.jp wrote:
> Processes that communicate winbind daemon hang when the LDAP server does 
> not work. 
> This happens winbind daemon is used and LDAP is set as idmap backend.
> 
> Since winbind daemon can not manage plural requests at once, processes that
> communicate winbindd should wait until the bind from the winbind daemon to
> the LDAP server detect timeout.
> 
> If communication to the LDAP server is failed, we changed the management 
> as follows.
> * Do not reconnect the LDAP server.
> * Do not user remote_map as the idmap for 5 minutes.(this means, 
> do not connect the LDAP server)
> * Abort the management of getpwent() and getgrent().
> 
> 
> Index: samba-302/source/lib/smbldap.c
> ===================================================================
> RCS file: /cvs/samba-302/source/lib/smbldap.c,v
> retrieving revision 1.1
> retrieving revision 1.2
> diff -u -r1.1 -r1.2
> --- samba-302/source/lib/smbldap.c	16 Feb 2004 01:13:35 -0000	1.1
> +++ samba-302/source/lib/smbldap.c	4 Mar 2004 04:43:05 -0000	1.2
> @@ -33,7 +33,7 @@
>  /* Try not to hit the up or down server forever */
>  
>  #define SMBLDAP_DONT_PING_TIME 10	/* ping only all 10 seconds */
> -#define SMBLDAP_NUM_RETRIES 8	        /* retry only 8 times */
> +#define SMBLDAP_NUM_RETRIES 1	        /* retry only 1 times */

The reason we retry 8 times is that in some situations, the ldap server
returns 'connection refused', which is immediate.  This often occurs if
the LDAP server is being restarted.  What we wanted to do was to wait,
up to about 15 seconds, for that server to restart.

What we should do is keep a timer in smbldap_retry_open(), that ensures
that we wait at most 20 seconds, or 8 retries, whichever is less.

I certainly agree we should 'blacklist' the server for a short period,
if we exceed that timeout.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20040508/0642ffd8/attachment.bin


More information about the samba-technical mailing list