lists.arthurdejong.org

Re: [PATCH] increase hardcoded timeouts

On Sat, 24 Sep 2016 14:44:57 +0200
Arthur de Jong <arthur@arthurdejong.org> wrote:

> On Fri, 2016-09-23 at 10:20 -0700, Patrick McLean wrote:
> > The current hardcoded timeouts are too small for some high-latency
> > overseas links; this patch increases them to levels that work well on
> > overseas links.
> 
> The hard-coded timeouts READ_TIMEOUT, WRITE_TIMEOUT and SKIP_TIMEOUT
> are only used for the socket communication between the NSS (and PAM)
> modules and nslcd. This traffic should not go over the network but
> should remain on the same machine (via /var/run/nslcd/socket).
> 
> This timeout is mostly used to ensure that if nslcd is hanging, not all
> applications hang indefinitely, and that a hanging application will not
> keep nslcd resources open indefinitely.
> 
> The network communication between nslcd and the LDAP server can be
> tuned with bind_timelimit, timelimit and idle_timelimit in nslcd.conf.
> 
> Hope this clarifies things,
> 

Yes, I know that it is in the socket. We were experiencing issues when
the LDAP server was across the ocean where the increased delay in the
server getting a response was causing the client to misbehave. We would
see users occasionally not be able to log in, and disappearing from
certain groups (which can be a bit of an issue when you rely on group
membership for sudo access control).
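
The failure mode discussed in this thread, modelled as an added example (not nss-pam-ldapd code and not from either poster): a client reads from a local Unix socket with a fixed timeout while the peer waits on a slow backend. The names `read_timeout` and `lookup`, the forked stand-in daemon and all millisecond values are assumptions for illustration.

```c
#include <poll.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Wait up to timeout_ms for data on fd, then read it.
   Returns bytes read, 0 on EOF, -1 on timeout or error. */
static ssize_t read_timeout(int fd, void *buf, size_t len, int timeout_ms)
{
    struct pollfd p = { .fd = fd, .events = POLLIN };
    if (poll(&p, 1, timeout_ms) <= 0)
        return -1;   /* 0 = timed out, <0 = poll error */
    return read(fd, buf, len);
}

/* One lookup. The forked child stands in for a local daemon that needs
   backend_ms to obtain its answer before replying on the socket.
   Returns 1 if the client got a reply in time, 0 if it gave up, -1 on setup error. */
int lookup(int backend_ms, int client_timeout_ms)
{
    int sv[2];
    char buf[16];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0) { close(sv[0]); close(sv[1]); return -1; }
    if (pid == 0) {
        close(sv[0]);
        poll(NULL, 0, backend_ms);            /* simulated backend latency */
        if (write(sv[1], "member", 6) < 0)    /* peer may have gone away */
            _exit(1);
        _exit(0);
    }
    close(sv[1]);
    ssize_t n = read_timeout(sv[0], buf, sizeof buf, client_timeout_ms);
    close(sv[0]);                             /* done, or gave up waiting */
    waitpid(pid, NULL, 0);
    return n > 0 ? 1 : 0;
}

int main(void)
{
    printf("reply within timeout: %d\n", lookup(20, 1000));
    printf("reply after timeout:  %d\n", lookup(600, 100));
    return 0;
}
```

A caller that treats the timed-out case as "no such entry" rather than "lookup unavailable" will see a user or group membership as missing, which matters wherever access decisions depend on that lookup.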