LDAP delay when connected DC goes down
Jeremy Allison
jra at samba.org
Tue Jan 11 02:12:00 GMT 2005
On Mon, Jan 10, 2005 at 12:05:52PM -0800, Joe Meadows wrote:
>
> A couple of us have been looking into a problem that shows up when a
> Samba server is joined to an ADS domain and the DC that it is connected
> to becomes unreachable. We were seeing a long delay (sixteen minutes)
> before the server would time out and failover to another DC. We tracked
> the delay down to the function ads_do_paged_search() which is calling
> ldap_search_ext_s() without setting a timeout. I've noticed that the
> function ads_do_search() also calls ldap_search_ext_s(), but in this
> case it is given a timeout of ADS_SEARCH_TIMEOUT (10 seconds).
>
> We modified the code so that ads_do_paged_search() also sets a timeout
> when calling ldap_search_ext_s(). In this case the timeout is set to
> lp_ldap_timeout(), which is set by the 'ldap timeout' parameter in
> smb.conf or defaults to 15 seconds. With this change in place our
> testing shows that the problem is effectively fixed. Samba times out
> after the specified time and reattaches to the domain using a different
> DC. I am curious if not setting the timeout in ads_do_paged_search()
> was done intentionally and if there is any reason why a timeout here
> would be a bad thing. Our testing is focused on this one problem that
> we're running into and the timeout does seem to fix it, but will this
> change create problems elsewhere?
>
> BTW, the 'ldap timeout' in smb.conf currently only controls the
> *connect* timeout and has no effect on the search timeout. I also tried
> to set the search timeout using ldap_set_option but this did not work.
> The reason turns out to be that for ldap_search_ext_s() the timeout only
> controls the amount of time that the server will spend searching, but
> does not affect the local timeout (the time that the client will wait
> for the results of the search).
Looks correct to me. Can you try this patch, which should cause all
ldap timeouts to be consistent. Thanks,
Jeremy.
-------------- next part --------------
Index: include/ads.h
===================================================================
--- include/ads.h (revision 4655)
+++ include/ads.h (working copy)
@@ -76,9 +76,6 @@
/* time between reconnect attempts */
#define ADS_RECONNECT_TIME 5
-/* timeout on searches */
-#define ADS_SEARCH_TIMEOUT 10
-
/* ldap control oids */
#define ADS_PAGE_CTL_OID "1.2.840.113556.1.4.319"
#define ADS_NO_REFERRALS_OID "1.2.840.113556.1.4.1339"
Index: libads/ldap.c
===================================================================
--- libads/ldap.c (revision 4655)
+++ libads/ldap.c (working copy)
@@ -75,20 +75,24 @@
int attrsonly,
LDAPControl **sctrls,
LDAPControl **cctrls,
- struct timeval *timeout,
int sizelimit,
LDAPMessage **res )
{
+ struct timeval timeout;
int result;
- /* Setup timeout */
+ /* Setup timeout for the ldap_search_ext_s call - local and remote. */
+ timeout.tv_sec = lp_ldap_timeout();
+ timeout.tv_usec = 0;
+
+ /* Setup alarm timeout.... Do we need both of these ? JRA. */
gotalarm = 0;
CatchSignal(SIGALRM, SIGNAL_CAST gotalarm_sig);
alarm(lp_ldap_timeout());
/* End setup timeout. */
result = ldap_search_ext_s(ld, base, scope, filter, attrs,
- attrsonly, sctrls, cctrls, timeout,
+ attrsonly, sctrls, cctrls, &timeout,
sizelimit, res);
/* Teardown timeout. */
@@ -504,14 +508,14 @@
rc = ldap_search_with_timeout(ads->ld, utf8_path, scope, utf8_expr,
search_attrs, 0, controls,
- NULL, NULL, LDAP_NO_LIMIT,
+ NULL, LDAP_NO_LIMIT,
(LDAPMessage **)res);
ber_free(cookie_be, 1);
ber_bvfree(cookie_bv);
if (rc) {
- DEBUG(3,("ldap_search_with_timeout(%s) -> %s\n", expr,
+ DEBUG(3,("ads_do_paged_search: ldap_search_with_timeout(%s) -> %s\n", expr,
ldap_err2string(rc)));
goto done;
}
@@ -655,7 +659,6 @@
const char *expr,
const char **attrs, void **res)
{
- struct timeval timeout;
int rc;
char *utf8_expr, *utf8_path, **search_attrs = NULL;
TALLOC_CTX *ctx;
@@ -689,15 +692,12 @@
}
}
- timeout.tv_sec = ADS_SEARCH_TIMEOUT;
- timeout.tv_usec = 0;
-
/* see the note in ads_do_paged_search - we *must* disable referrals */
ldap_set_option(ads->ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF);
rc = ldap_search_with_timeout(ads->ld, utf8_path, scope, utf8_expr,
search_attrs, 0, NULL, NULL,
- &timeout, LDAP_NO_LIMIT,
+ LDAP_NO_LIMIT,
(LDAPMessage **)res);
if (rc == LDAP_SIZELIMIT_EXCEEDED) {
More information about the samba-technical
mailing list