RSS feed

Re: [PATCH] increase hardcoded timeouts

[Date Prev][Date Next] [Thread Prev][Thread Next]

Re: [PATCH] increase hardcoded timeouts

On Sat, 24 Sep 2016 14:44:57 +0200
Arthur de Jong <> wrote:

> On Fri, 2016-09-23 at 10:20 -0700, Patrick McLean wrote:
> > The current hardcoded timeouts are too small for some high-latency
> > overseas links, this patch increases them to levels that work well on
> > overseas links.  
> The hard-coded timeouts READ_TIMEOUT, WRITE_TIMEOUT and SKIP_TIMEOUT
> are only used for the socket communication between the NSS (and PAM)
> modules and nslcd. This traffic should not go over the network but
> should remain on the same machine (via /var/run/nslcd/socket).
> This timeout is mostly used to ensure that if nslcd is hanging not all
> applications hang indefinitely and that a hanging application will not
> keep nslcd resource open indefinitely.
> The network communication between nslcd and the LDAP server can be
> tuned with bind_timelimit, timelimit and idle_timelimit in nslcd.conf.
> Hope this clarifies things,

Yes, I know that it is in the socket. We were experiencing issues when
the LDAP server was across the ocean where the increased delay in the
server getting a response was causing the client to misbehave. We would
see users occasionally not be able to log in, and disappearing from
certain groups (which can be a bit of an issue when you rely on group
membership for sudo access control).
To unsubscribe send an email to or see