Diffstat (limited to 'src')
-rw-r--r--src/config/SSSDConfig.py1
-rw-r--r--src/config/etc/sssd.api.d/sssd-ldap.conf1
-rw-r--r--src/man/sssd-ldap.5.xml28
-rw-r--r--src/providers/ipa/ipa_access.c6
-rw-r--r--src/providers/ipa/ipa_common.c5
-rw-r--r--src/providers/ipa/ipa_common.h2
-rw-r--r--src/providers/ldap/ldap_common.c5
-rw-r--r--src/providers/ldap/ldap_id_enum.c4
-rw-r--r--src/providers/ldap/sdap.h1
9 files changed, 38 insertions, 15 deletions
diff --git a/src/config/SSSDConfig.py b/src/config/SSSDConfig.py
index d23641c9..b3861a55 100644
--- a/src/config/SSSDConfig.py
+++ b/src/config/SSSDConfig.py
@@ -140,6 +140,7 @@ option_strings = {
# [provider/ldap/id]
'ldap_search_timeout' : _('Length of time to wait for a search request'),
+ 'ldap_enumeration_search_timeout' : _('Length of time to wait for a enumeration request'),
'ldap_enumeration_refresh_timeout' : _('Length of time between enumeration updates'),
'ldap_purge_cache_timeout' : _('Length of time between cache cleanups'),
'ldap_id_use_start_tls' : _('Require TLS for ID lookups'),
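Review bot: The description string on the added `'ldap_enumeration_search_timeout'` line reads "a enumeration request"; it should be "an enumeration", and naming the search would match the option name and the neighbouring `ldap_search_timeout` text: `_('Length of time to wait for an enumeration search request')`. The string is wrapped in `_()`, so it is presumably extracted for translation, and correcting it now avoids a later change to an already translated message.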
diff --git a/src/config/etc/sssd.api.d/sssd-ldap.conf b/src/config/etc/sssd.api.d/sssd-ldap.conf
index c2179f2d..8aaecd5d 100644
--- a/src/config/etc/sssd.api.d/sssd-ldap.conf
+++ b/src/config/etc/sssd.api.d/sssd-ldap.conf
@@ -27,6 +27,7 @@ ldap_deref = str, None, false
[provider/ldap/id]
ldap_search_timeout = int, None, false
+ldap_enumeration_search_timeout = int, None, false
ldap_enumeration_refresh_timeout = int, None, false
ldap_purge_cache_timeout = int, None, false
ldap_id_use_start_tls = bool, None, true, false
diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml
index 7a733462..175ec356 100644
--- a/src/man/sssd-ldap.5.xml
+++ b/src/man/sssd-ldap.5.xml
@@ -718,14 +718,32 @@
<term>ldap_search_timeout (integer)</term>
<listitem>
<para>
- Specifies the timeout (in seconds) that ldap searches
+ Specifies the timeout (in seconds) that ldap
+ searches are allowed to run before they are
+ cancelled and cached results are returned (and
+ offline mode is entered)
+ </para>
+ <para>
+ Note: this option is subject to change in future
+ versions of the SSSD. It will likely be replaced at
+ some point by a series of timeouts for specific
+ lookup types.
+ </para>
+ <para>
+ Default: 6
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>ldap_enumeration_search_timeout (integer)</term>
+ <listitem>
+ <para>
+ Specifies the timeout (in seconds) that ldap
+ searches for user and group enumerations
are allowed to run before they are cancelled and
cached results are returned (and offline mode is
entered)
-
- Note: this option is subject to change in future versions
- of the SSSD. It will likely be replaced at some point by
- a series of timeouts for specific lookup types.
</para>
<para>
Default: 60
diff --git a/src/providers/ipa/ipa_access.c b/src/providers/ipa/ipa_access.c
index 61caef10..feddc87d 100644
--- a/src/providers/ipa/ipa_access.c
+++ b/src/providers/ipa/ipa_access.c
@@ -545,7 +545,7 @@ struct tevent_req *hbac_get_service_data_send(TALLOC_CTX *memctx,
NULL, 0,
dp_opt_get_int(
hbac_ctx_sdap_id_ctx(state->hbac_ctx)->opts->basic,
- SDAP_SEARCH_TIMEOUT));
+ SDAP_ENUM_SEARCH_TIMEOUT));
if (subreq == NULL) {
DEBUG(1, ("sdap_get_generic_send failed.\n"));
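Review bot: This HBAC service lookup now takes its timeout from `SDAP_ENUM_SEARCH_TIMEOUT`, but the man page text added in the same commit describes `ldap_enumeration_search_timeout` as covering only "searches for user and group enumerations". The same substitution is made in `hbac_get_host_info_send` and `hbac_get_rules_send`, so all three access-control lookups follow a setting an administrator would tune with enumeration in mind and no longer follow `ldap_search_timeout`. Either extend the man page entry to say that it also bounds the IPA HBAC searches, or add a comment at each call stating why the longer timeout is wanted there, for example `/* HBAC lookups use the enumeration timeout, not ldap_search_timeout */`. How the access provider behaves when one of these searches times out is not visible in the hunks and should be confirmed before the value is tuned. All three function bodies continue outside their hunks.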
@@ -842,7 +842,7 @@ static struct tevent_req *hbac_get_host_info_send(TALLOC_CTX *memctx,
NULL, 0,
dp_opt_get_int(
hbac_ctx_sdap_id_ctx(state->hbac_ctx)->opts->basic,
- SDAP_SEARCH_TIMEOUT));
+ SDAP_ENUM_SEARCH_TIMEOUT));
if (subreq == NULL) {
DEBUG(1, ("sdap_get_generic_send failed.\n"));
@@ -1163,7 +1163,7 @@ static struct tevent_req *hbac_get_rules_send(TALLOC_CTX *memctx,
NULL, 0,
dp_opt_get_int(
hbac_ctx_sdap_id_ctx(state->hbac_ctx)->opts->basic,
- SDAP_SEARCH_TIMEOUT));
+ SDAP_ENUM_SEARCH_TIMEOUT));
if (subreq == NULL) {
DEBUG(1, ("sdap_get_generic_send failed.\n"));
diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c
index a42cc3b4..4c96babc 100644
--- a/src/providers/ipa/ipa_common.c
+++ b/src/providers/ipa/ipa_common.c
@@ -43,7 +43,7 @@ struct dp_option ipa_def_ldap_opts[] = {
{ "ldap_default_bind_dn", DP_OPT_STRING, NULL_STRING, NULL_STRING },
{ "ldap_default_authtok_type", DP_OPT_STRING, NULL_STRING, NULL_STRING},
{ "ldap_default_authtok", DP_OPT_BLOB, NULL_BLOB, NULL_BLOB },
- { "ldap_search_timeout", DP_OPT_NUMBER, { .number = 60 }, NULL_NUMBER },
+ { "ldap_search_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER },
{ "ldap_network_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER },
{ "ldap_opt_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER },
{ "ldap_tls_reqcert", DP_OPT_STRING, { "hard" }, NULL_STRING },
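Review bot: The default for `ldap_search_timeout` drops from 60 to 6 on the changed line with no comment in the table, so installations that never set the option get a tenfold shorter limit on every non-enumeration search after upgrading. Per the man page text in this commit, a timed-out search returns cached results and enters offline mode, so a directory server that sometimes needs more than 6 seconds will move clients onto cached identity data. A comment on the entry, e.g. `/* 6s: enumeration uses ldap_enumeration_search_timeout (60s) */`, together with an upgrade note would make the change visible. The same applies to the matching line of `default_basic_opts` in src/providers/ldap/ldap_common.c. The array definition starts outside this hunk.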
@@ -81,7 +81,8 @@ struct dp_option ipa_def_ldap_opts[] = {
{ "ldap_account_expire_policy", DP_OPT_STRING, NULL_STRING, NULL_STRING },
{ "ldap_access_order", DP_OPT_STRING, NULL_STRING, NULL_STRING },
{ "ldap_chpass_uri", DP_OPT_STRING, NULL_STRING, NULL_STRING },
- { "ldap_chpass_dns_service_name", DP_OPT_STRING, NULL_STRING, NULL_STRING }
+ { "ldap_chpass_dns_service_name", DP_OPT_STRING, NULL_STRING, NULL_STRING },
+ { "ldap_enumeration_search_timeout", DP_OPT_NUMBER, { .number = 60 }, NULL_NUMBER }
};
struct sdap_attr_map ipa_attr_map[] = {
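Review bot: Nothing on the added `ldap_enumeration_search_timeout` entry records that its position has to match `SDAP_ENUM_SEARCH_TIMEOUT` in `enum sdap_basic_opt`. The callers in this commit read it with `dp_opt_get_int(..., SDAP_ENUM_SEARCH_TIMEOUT)`, which suggests the table is indexed by the enum value. `IPA_OPTS_BASIC_TEST` appears to guard only the entry count, so, if that reading is right, a misplaced entry would let another option's value serve as the timeout without any error. A comment above the closing brace, `/* keep in the same order as enum sdap_basic_opt in sdap.h */`, would record the constraint; the same holds for `default_basic_opts` in ldap_common.c. The array starts outside this hunk.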
diff --git a/src/providers/ipa/ipa_common.h b/src/providers/ipa/ipa_common.h
index 4d79c03c..49618f01 100644
--- a/src/providers/ipa/ipa_common.h
+++ b/src/providers/ipa/ipa_common.h
@@ -35,7 +35,7 @@ struct ipa_service {
/* the following defines are used to keep track of the options in the ldap
* module, so that if they change and ipa is not updated correspondingly
* this will trigger a runtime abort error */
-#define IPA_OPTS_BASIC_TEST 43
+#define IPA_OPTS_BASIC_TEST 44
/* the following define is used to keep track of the options in the krb5
* module, so that if they change and ipa is not updated correspondingly
diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c
index c98dd4ff..6daf2c9f 100644
--- a/src/providers/ldap/ldap_common.c
+++ b/src/providers/ldap/ldap_common.c
@@ -39,7 +39,7 @@ struct dp_option default_basic_opts[] = {
{ "ldap_default_bind_dn", DP_OPT_STRING, NULL_STRING, NULL_STRING },
{ "ldap_default_authtok_type", DP_OPT_STRING, NULL_STRING, NULL_STRING},
{ "ldap_default_authtok", DP_OPT_BLOB, NULL_BLOB, NULL_BLOB },
- { "ldap_search_timeout", DP_OPT_NUMBER, { .number = 60 }, NULL_NUMBER },
+ { "ldap_search_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER },
{ "ldap_network_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER },
{ "ldap_opt_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER },
{ "ldap_tls_reqcert", DP_OPT_STRING, { "hard" }, NULL_STRING },
@@ -77,7 +77,8 @@ struct dp_option default_basic_opts[] = {
{ "ldap_account_expire_policy", DP_OPT_STRING, NULL_STRING, NULL_STRING },
{ "ldap_access_order", DP_OPT_STRING, { "filter" }, NULL_STRING },
{ "ldap_chpass_uri", DP_OPT_STRING, NULL_STRING, NULL_STRING },
- { "ldap_chpass_dns_service_name", DP_OPT_STRING, NULL_STRING, NULL_STRING }
+ { "ldap_chpass_dns_service_name", DP_OPT_STRING, NULL_STRING, NULL_STRING },
+ { "ldap_enumeration_search_timeout", DP_OPT_NUMBER, { .number = 60 }, NULL_NUMBER }
};
struct sdap_attr_map generic_attr_map[] = {
diff --git a/src/providers/ldap/ldap_id_enum.c b/src/providers/ldap/ldap_id_enum.c
index 3335f70d..f47ee9fb 100644
--- a/src/providers/ldap/ldap_id_enum.c
+++ b/src/providers/ldap/ldap_id_enum.c
@@ -473,7 +473,7 @@ static struct tevent_req *enum_users_send(TALLOC_CTX *memctx,
sdap_id_op_handle(state->op),
state->attrs, state->filter,
dp_opt_get_int(state->ctx->opts->basic,
- SDAP_SEARCH_TIMEOUT));
+ SDAP_ENUM_SEARCH_TIMEOUT));
if (!subreq) {
ret = ENOMEM;
goto fail;
@@ -577,7 +577,7 @@ static struct tevent_req *enum_groups_send(TALLOC_CTX *memctx,
state->ctx->opts, sdap_id_op_handle(state->op),
state->attrs, state->filter,
dp_opt_get_int(state->ctx->opts->basic,
- SDAP_SEARCH_TIMEOUT));
+ SDAP_ENUM_SEARCH_TIMEOUT));
if (!subreq) {
ret = ENOMEM;
goto fail;
diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h
index 57865fe0..9ef9b70c 100644
--- a/src/providers/ldap/sdap.h
+++ b/src/providers/ldap/sdap.h
@@ -191,6 +191,7 @@ enum sdap_basic_opt {
SDAP_ACCESS_ORDER,
SDAP_CHPASS_URI,
SDAP_CHPASS_DNS_SERVICE_NAME,
+ SDAP_ENUM_SEARCH_TIMEOUT,
SDAP_OPTS_BASIC /* opts counter */
};