diff options
-rw-r--r-- | src/man/sssd.conf.5.xml | 5 | ||||
-rw-r--r-- | src/providers/ldap/ldap_common.c | 31 | ||||
-rw-r--r-- | src/providers/ldap/ldap_id_enum.c | 14 |
3 files changed, 47 insertions, 3 deletions
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml index 2bba3805..7392dd09 100644 --- a/src/man/sssd.conf.5.xml +++ b/src/man/sssd.conf.5.xml @@ -513,6 +513,11 @@ processing. </para> <para> + While the first enumeration is running, requests + for the complete user or group lists may return + no results until it completes. + </para> + <para> Further, enabling enumeration may increase the time necessary to detect network disconnection, as longer timeouts are required to ensure that diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c index 9945b4b1..a38d5cc2 100644 --- a/src/providers/ldap/ldap_common.c +++ b/src/providers/ldap/ldap_common.c @@ -415,12 +415,37 @@ int sdap_id_setup_tasks(struct sdap_id_ctx *ctx) struct timeval tv; int ret = EOK; int delay; + bool has_enumerated; /* set up enumeration task */ if (ctx->be->domain->enumerate) { - /* run the first one in a couple of seconds so that we have time to - * finish initializations first*/ - tv = tevent_timeval_current_ofs(10, 0); + /* If this is the first startup, we need to kick off + * an enumeration immediately, to close a window where + * clients requesting get*ent information won't get an + * immediate reply with no entries + */ + ret = sysdb_has_enumerated(ctx->be->sysdb, + ctx->be->domain, + &has_enumerated); + if (ret != EOK) { + return ret; + } + if (has_enumerated) { + /* At least one enumeration has previously run, + * so clients will get cached data. We will delay + * starting to enumerate by 10s so we don't slow + * down the startup process if this is happening + * during system boot. + */ + tv = tevent_timeval_current_ofs(10, 0); + } else { + /* This is our first startup. Schedule the + * enumeration to start immediately once we + * enter the mainloop. + */ + tv = tevent_timeval_current(); + } + ret = ldap_id_enumerate_set_timer(ctx, tv); } else { /* the enumeration task, runs the cleanup process by itself, diff --git a/src/providers/ldap/ldap_id_enum.c b/src/providers/ldap/ldap_id_enum.c index f2ac8c6a..8695f355 100644 --- a/src/providers/ldap/ldap_id_enum.c +++ b/src/providers/ldap/ldap_id_enum.c @@ -134,12 +134,26 @@ static void ldap_id_enumerate_reschedule(struct tevent_req *req) uint64_t err; struct timeval tv; int delay; + errno_t ret; if (tevent_req_is_error(req, &tstate, &err)) { /* On error schedule starting from now, not the last run */ tv = tevent_timeval_current(); } else { tv = ctx->last_enum; + + /* Ok, we've completed an enumeration. Save this to the + * sysdb so we can postpone starting up the enumeration + * process on the next SSSD service restart (to avoid + * slowing down system boot-up + */ + ret = sysdb_set_enumerated(ctx->be->sysdb, + ctx->be->domain, + true); + if (ret != EOK) { + DEBUG(1, ("Could not mark domain as having enumerated.\n")); + /* This error is non-fatal, so continue */ + } } talloc_zfree(req); |