Mark London wrote:
Hi - When our primary DNS is unreachable, SSSD with LDAP breaks, or is incredibly slow. I've traced it to the fact that several of the LDAP timeout values are 6 seconds. This is not long enough, because the default DNS timeout failover is 5 seconds. Incoming SSH connections are impossible without increasing the LDAP timeout value. I'm not sure yet which is the critical setting, but I've increased the following from 6 seconds to 30:

Hi - First, I had a typo in the above paragraph of my previous email. I meant to say "impossible without increasing". Instead I said "impossible with increasing".

Secondly, I discovered that SSSD has an internal resolver, and found the dns_resolver_timeout variable. I changed it from 5 seconds to 1 second, but that didn't help. I still see 5-second delays when sdap_ldap_connect_callback_add is called. It would be nice if the internal resolver had a cache! Any other suggestions? I'll be happy to hack the code, if someone could give me any idea of what needs to be fixed. This situation has occurred several times over the past few months, causing major problems. Thanks.

- Mark

_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
