On Fri, Feb 03, 2012 at 10:40:31AM +0100, Jakub Hrozek wrote:
> On Fri, Feb 03, 2012 at 10:12:54AM +0100, Jan Zelený wrote:
> > > This patch makes several changes, making the code more manageable by
> > > reducing the places we need to look for cache values, as well as
> > > improving the granularity of our cache settings.
> > >
> > > 1) Add four new options: entry_cache_user_timeout,
> > > entry_cache_group_timeout, entry_cache_netgroup_timeout and
> > > entry_cache_service_timeout. If they are unspecified, they will be
> > > populated internally with the value of entry_cache_timeout (or its
> > > default in turn of 5400).
> > >
> > > 2) These new cache values are stored as members of the sss_domain_info
> > > structure, which we have available pretty much everywhere in the
> > > providers.
> > >
> > > 3) It removes 'entry_cache_timeout' from the dp_opt lists for both the
> > > LDAP and IPA identity providers, in preference to the sss_domain_info
> > > structure.
> > >
> > > 4) The proxy provider no longer reads the entry_cache_timeout into its
> > > own proxy_id_ctx either, in preference to the sss_domain_info structure.
> > >
> > >
> > > There are also two minor additional fixes I included while adding these
> > > features. There were two places in the code where we were incorrectly
> > > using the entry_cache_timeout as the timeout value of an LDAP operation.
> > > Thus, it was possible to be stuck waiting 90 minutes (by default) for an
> > > LDAP server to reply. (This was only possible during nested group
> > > processing on FreeIPA servers, I believe).
> >
> > Nack,
> > please rebase the patch on top of current master.
> >
> > Where possible, don't give the sss_domain_info as an argument, it's part of
> > the sysdb_ctx and can be retrieved by sysdb_ctx_get_domain().
> >
> > Other than that the patch looks fine, I haven't done any testing due to
> > inability to apply the patch.
> >
> > Thanks
> > Jan
>
> I'm rebasing the autofs patches on top of this one, so I attached a a
> patch rebased on current master.
You also need to remove entry_cache_timeout from ipa_def_ldap_opts[].
The new options are not documented, is that intentional (iow, are they
considered too low-level) ?
The descriptions in SSSDConfig.py read all the same, shouldn't they say
"_('User entry cache timeout length (seconds)')," for example?
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/sssd-devel
