summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/man/sssd.conf.5.xml5
-rw-r--r--src/providers/ldap/ldap_common.c31
-rw-r--r--src/providers/ldap/ldap_id_enum.c14
3 files changed, 47 insertions, 3 deletions
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
index 2bba3805..7392dd09 100644
--- a/src/man/sssd.conf.5.xml
+++ b/src/man/sssd.conf.5.xml
@@ -513,6 +513,11 @@
processing.
</para>
<para>
+ While the first enumeration is running, requests
+ for the complete user or group lists may return
+ no results until it completes.
+ </para>
+ <para>
Further, enabling enumeration may increase the time
necessary to detect network disconnection, as
longer timeouts are required to ensure that
diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c
index 9945b4b1..a38d5cc2 100644
--- a/src/providers/ldap/ldap_common.c
+++ b/src/providers/ldap/ldap_common.c
@@ -415,12 +415,37 @@ int sdap_id_setup_tasks(struct sdap_id_ctx *ctx)
struct timeval tv;
int ret = EOK;
int delay;
+ bool has_enumerated;
/* set up enumeration task */
if (ctx->be->domain->enumerate) {
- /* run the first one in a couple of seconds so that we have time to
- * finish initializations first*/
- tv = tevent_timeval_current_ofs(10, 0);
+ /* If this is the first startup, we need to kick off
+ * an enumeration immediately, to close a window where
+ * clients requesting get*ent information won't get an
+ * immediate reply with no entries
+ */
+ ret = sysdb_has_enumerated(ctx->be->sysdb,
+ ctx->be->domain,
+ &has_enumerated);
+ if (ret != EOK) {
+ return ret;
+ }
+ if (has_enumerated) {
+ /* At least one enumeration has previously run,
+ * so clients will get cached data. We will delay
+ * starting to enumerate by 10s so we don't slow
+ * down the startup process if this is happening
+ * during system boot.
+ */
+ tv = tevent_timeval_current_ofs(10, 0);
+ } else {
+ /* This is our first startup. Schedule the
+ * enumeration to start immediately once we
+ * enter the mainloop.
+ */
+ tv = tevent_timeval_current();
+ }
+
ret = ldap_id_enumerate_set_timer(ctx, tv);
} else {
/* the enumeration task, runs the cleanup process by itself,
diff --git a/src/providers/ldap/ldap_id_enum.c b/src/providers/ldap/ldap_id_enum.c
index f2ac8c6a..8695f355 100644
--- a/src/providers/ldap/ldap_id_enum.c
+++ b/src/providers/ldap/ldap_id_enum.c
@@ -134,12 +134,26 @@ static void ldap_id_enumerate_reschedule(struct tevent_req *req)
uint64_t err;
struct timeval tv;
int delay;
+ errno_t ret;
if (tevent_req_is_error(req, &tstate, &err)) {
/* On error schedule starting from now, not the last run */
tv = tevent_timeval_current();
} else {
tv = ctx->last_enum;
+
+ /* Ok, we've completed an enumeration. Save this to the
+ * sysdb so we can postpone starting up the enumeration
+ * process on the next SSSD service restart (to avoid
+ * slowing down system boot-up
+ */
+ ret = sysdb_set_enumerated(ctx->be->sysdb,
+ ctx->be->domain,
+ true);
+ if (ret != EOK) {
+ DEBUG(1, ("Could not mark domain as having enumerated.\n"));
+ /* This error is non-fatal, so continue */
+ }
}
talloc_zfree(req);