On Fri, Feb 03, 2012 at 10:40:31AM +0100, Jakub Hrozek wrote:
> On Fri, Feb 03, 2012 at 10:12:54AM +0100, Jan Zelený wrote:
> > > This patch makes several changes, making the code more manageable by
> > > reducing the places we need to look for cache values, as well as
> > > improving the granularity of our cache settings.
> > >
> > > 1) Add four new options: entry_cache_user_timeout,
> > > entry_cache_group_timeout, entry_cache_netgroup_timeout and
> > > entry_cache_service_timeout. If they are unspecified, they will be
> > > populated internally with the value of entry_cache_timeout (or its
> > > default in turn of 5400).
> > >
> > > 2) These new cache values are stored as members of the sss_domain_info
> > > structure, which we have available pretty much everywhere in the
> > > providers.
> > >
> > > 3) It removes 'entry_cache_timeout' from the dp_opt lists for both the
> > > LDAP and IPA identity providers, in preference to the sss_domain_info
> > > structure.
> > >
> > > 4) The proxy provider no longer reads the entry_cache_timeout into its
> > > own proxy_id_ctx either, in preference to the sss_domain_info structure.
> > >
> > >
> > > There are also two minor additional fixes I included while adding these
> > > features. There were two places in the code where we were incorrectly
> > > using the entry_cache_timeout as the timeout value of an LDAP operation.
> > > Thus, it was possible to be stuck waiting 90 minutes (by default) for an
> > > LDAP server to reply. (This was only possible during nested group
> > > processing on FreeIPA servers, I believe).
> >
> > Nack,
> > please rebase the patch on top of current master.
> >
> > Where possible, don't give the sss_domain_info as an argument, it's part of
> > the sysdb_ctx and can be retrieved by sysdb_ctx_get_domain().
> >
> > Other than that the patch looks fine, I haven't done any testing due to
> > inability to apply the patch.
> >
> > Thanks
> > Jan
>
> I'm rebasing the autofs patches on top of this one, so I attached a
> patch rebased on current master.

You also need to remove entry_cache_timeout from ipa_def_ldap_opts[].

The new options are not documented, is that intentional (iow, are they
considered too low-level)?

The descriptions in SSSDConfig.py read all the same, shouldn't they say
"_('User entry cache timeout length (seconds)')," for example?