LDAP timeout followup
Joe Meadows
joe_meadows at adaptec.com
Fri Feb 11 21:23:34 GMT 2005
Hi Jeremy,
Here's a bit of followup on the LDAP timeout changes that we worked on a
little while back
(http://lists.samba.org/archive/samba-technical/2005-January/038952.html).
<http://lists.samba.org/archive/samba-technical/2005-January/038952.html>
Setting the timeout for ads_do_paged_search() definitely helps in
dealing with a DC that has become unreachable, but it indirectly
introduced a new problem. Fortunately Alex's Samba installation had a
'slow' leg, so this problem got discovered pretty early on and I think
we have a fix for it. In this setup there were about 800 domain users
and the DC was on the other side of a 128Kbps link. Due to the slow
link the request was timing out even though it was in the process of
being fulfilled. It turns out that the LDAP page size is set to 1000
entries and this was too large to complete the request in the alloted
time over this connection. Rather than setting arbitrarily long
timeouts we made the page size configurable at compile time. When the
page size was reduced to 100 the request completed reliably and repeatedly.
In light of this I'm thinking that we should add an smb.conf parameter
to the tune of 'ldap page size = '. The default can still be 1000 but
this will give the ability to tune this as necessary. I think that it
would also be helpful to add a message in case of a timeout occuring in
ads_do_paged_search() that suggests trying a smaller page size. (If
anyone feels like getting really fancy the timeout recovery code can be
written to do an automatic retry with a small page size :))
I was hoping to get your opinion on this change and also to let you know
that I'll submit the changes to you if you're interested. We've got to
stay with 3.0.10 so I'm going to patch that release for our use, but
I'll be happy to port the changes to the tip code as well if you wish.
Thanks,
Joe
More information about the samba-technical
mailing list