anomaly in rev. 4655 of ads.h and ldap.c; LDAP (search) timeouts

Alex de Vaal a.vaal at nh-hotels.com
Tue Feb 1 15:27:04 GMT 2005


Hello Jeremy,
 
There seems to be an anomaly in the patch you've written for the LDAP
search timeouts (rev 4655 of ads.h and ldap.c). 
I'd like to report it to you before the final 3.0.11 is released.
 
To control the LDAP (search) timeouts, the smb.conf option "ldap timeout ="
is used. 
However, when I use wbinfo -u on 3.0.10 patched with ads.h and ldap.c
the "ldap_search_with_timeout((objectClass=user)) -> Timed out"
error message appears in the winbindd.log and after a while wbinfo -u
reports "Error looking up domain users".
 
Because my W2k3 DC is behind a router, it takes 9 or 10 seconds to do 
a full LDAP query on (objectClass=user), I tested that with 3.0.10 unpatched
(=original) and a part of the output of winbind of that test I put below.
After those 9 seconds wbinfo -u gives the appropriate output.
  
[2005/02/01 02:27:07, 10] nsswitch/winbindd_cache.c:query_user_list(727)
  query_user_list: [Cached] - doing backend query for list for domain
NH-HOTELES
[2005/02/01 02:27:07, 3] nsswitch/winbindd_ads.c:query_user_list(128)
  ads: query_user_list
[2005/02/01 02:27:07, 7] nsswitch/winbindd_ads.c:ads_cached_connection(48)
  Current tickets expire at 1107257160, time is now 1107221227
[2005/02/01 02:27:16, 5] libads/ldap_utils.c:ads_do_search_retry(56)
  Search for (objectClass=user) gave 853 replies
[2005/02/01 02:27:16, 3] nsswitch/winbindd_ads.c:query_user_list(202)
  ads query_user_list gave 853 entries
 

When I use the patched 3.0.10  (with rev. 4655 of ads.h and ldap.c), 
the "ldap_search_with_timeout((objectClass=user)) -> Timed out" error 
message appeared because the query took longer than the timeout given.
There is however a strange relation between the "ldap timeout =" option
and the "ldap_search_with_timeout((objectClass=user)) -> Timed out" 
error message.
 
When I put as "ldap timeout = 7" then the "ldap_search_with_timeout"
error message appears after 3 seconds.
 
When I put as "ldap timeout = 10" then the "ldap_search_with_timeout"
error message appears after 5 seconds.
 
When I put as "ldap timeout = 15" then the "ldap_search_with_timeout"
error message appears after 7 seconds.
 
The relation is that the "ldap_search_with_timeout((objectClass=user))
-> Timed out" error message appears after the time given in "ldap timeout"
divided by 2.
I tested with a lot of "ldap timeout" settings, but the relation kept on
being "ldap timeout" divided by 2 (you can see that perfectly well with 
even numbers).
 
Subjoined an example of the "ldap_search_with_timeout" when
"ldap timeout = 5".
 
[2005/02/01 02:36:10, 10] nsswitch/winbindd_cache.c:query_user_list(727)
  query_user_list: [Cached] - doing backend query for list for domain
NH-HOTELES
[2005/02/01 02:36:10, 3] nsswitch/winbindd_ads.c:query_user_list(128)
  ads: query_user_list
[2005/02/01 02:36:10, 7] nsswitch/winbindd_ads.c:ads_cached_connection(48)
  Current tickets expire at 1107257654, time is now 1107221770
[2005/02/01 02:36:12, 3] libads/ldap.c:ads_do_paged_search(519)
  ads_do_paged_search: ldap_search_with_timeout((objectClass=user)) -> Timed
out
[2005/02/01 02:36:12, 3] libads/ldap_utils.c:ads_do_search_retry(66)
  Reopening ads connection to realm 'NH-HOTELES.COM' after error Timed out
 

"ldap timeout = 15"; ldap_search_with_timeout = 7 to 8 seconds.
===============================================================
[2005/02/01 01:04:04, 7] nsswitch/winbindd_ads.c:ads_cached_connection(48)
  Current tickets expire at 1107251978, time is now 1107216244
[2005/02/01 01:04:11, 3] libads/ldap.c:ads_do_paged_search(519)
  ads_do_paged_search: ldap_search_with_timeout((objectClass=user)) -> Timed
out 

"ldap timeout = 10"; ldap_search_with_timeout = 5 seconds.
==========================================================
2005/02/01 01:05:19, 7] nsswitch/winbindd_ads.c:ads_cached_connection(48)
  Current tickets expire at 1107251978, time is now 1107216319
[2005/02/01 01:05:26, 3] libads/ldap.c:ads_do_paged_search(519)
  ads_do_paged_search: ldap_search_with_timeout((objectClass=user)) -> Timed
out 


Best regards,
Alex.
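
The timing comparison described in the message above can be automated over a winbindd log. This is an added example, not part of the original message or of Samba's code; the function names are hypothetical, and it assumes the search is issued right after the `ads_cached_connection` entry, as the quoted excerpts suggest.

```python
import re
from datetime import datetime

# Samba log entry header: "[date time, level] file.c:function(line)"
HEADER = re.compile(r"^\[?(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*\d+\]\s+\S+:(\w+)\(\d+\)")

# Log lines copied from the message above (the "ldap timeout = 5" run).
SAMPLE = """\
[2005/02/01 02:36:10, 7] nsswitch/winbindd_ads.c:ads_cached_connection(48)
  Current tickets expire at 1107257654, time is now 1107221770
[2005/02/01 02:36:12, 3] libads/ldap.c:ads_do_paged_search(519)
  ads_do_paged_search: ldap_search_with_timeout((objectClass=user)) -> Timed
out
[2005/02/01 02:36:12, 3] libads/ldap_utils.c:ads_do_search_retry(66)
  Reopening ads connection to realm 'NH-HOTELES.COM' after error Timed out
"""

def parse_entries(text):
    """Return (timestamp, function, message) per entry, rejoining wrapped lines."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
            entries.append([ts, m.group(2), ""])
        elif entries and line.strip():
            # Continuation line; this also rejoins "Timed" / "out" split by mail wrapping.
            entries[-1][2] = (entries[-1][2] + " " + line.strip()).strip()
    return [tuple(e) for e in entries]

def timeout_delays(text):
    """Seconds from each ads_cached_connection entry to the next search timeout."""
    delays, start = [], None
    for ts, func, msg in parse_entries(text):
        if func == "ads_cached_connection":
            start = ts  # assumption: the search is issued right after this entry
        elif start and "ldap_search_with_timeout" in msg and msg.endswith("Timed out"):
            delays.append(int((ts - start).total_seconds()))
            start = None
    return delays

def premature(text, configured):
    """Delays shorter than 'ldap timeout', allowing 1 s for timestamp rounding."""
    return [d for d in timeout_delays(text) if d + 1 < configured]

if __name__ == "__main__":
    print(timeout_delays(SAMPLE), premature(SAMPLE, 5))
```
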



