LDAP timeout followup

[Joe Meadows]

Hi Jeremy,

Here's a bit of followup on the LDAP timeout changes that we worked on a 
little while back 
(http://lists.samba.org/archive/samba-technical/2005-January/038952.html). 
<http://lists.samba.org/archive/samba-technical/2005-January/038952.html>

Setting the timeout for ads_do_paged_search() definitely helps in 
dealing with a DC that has become unreachable, but it indirectly 
introduced a new problem.  Fortunately Alex's Samba installation had a 
'slow' leg, so this problem got discovered pretty early on and I think 
we have a fix for it.  In this setup there were about 800 domain users 
and the DC was on the other side of a 128Kbps link.  Due to the slow 
link the request was timing out even though it was in the process of 
being fulfilled.  It turns out that the LDAP page size is set to 1000 
entries and this was too large to complete the request in the alloted 
time over this connection.  Rather than setting arbitrarily long 
timeouts we made the page size configurable at compile time.  When the 
page size was reduced to 100 the request completed reliably and repeatedly.

In light of this I'm thinking that we should add an smb.conf parameter 
to the tune of 'ldap page size = '.  The default can still be 1000 but 
this will give the ability to tune this as necessary.  I think that it 
would also be helpful to add a message in case of a timeout occuring in 
ads_do_paged_search() that suggests trying a smaller page size.  (If 
anyone feels like getting really fancy the timeout recovery code can be 
written to do an automatic retry with a small page size :))

I was hoping to get your opinion on this change and also to let you know 
that I'll submit the changes to you if you're interested.  We've got to 
stay with 3.0.10 so I'm going to patch that release for our use, but 
I'll be happy to port the changes to the tip code as well if you wish.

Thanks,
Joe