On Fri, Feb 03, 2012 at 10:12:54AM +0100, Jan Zelený wrote:
> This patch makes several changes, making the code more manageable by
> reducing the places we need to look for cache values, as well as
> improving the granularity of our cache settings.
>
> 1) Add four new options: entry_cache_user_timeout,
> entry_cache_group_timeout, entry_cache_netgroup_timeout and
> entry_cache_service_timeout. If they are unspecified, they will be
> populated internally with the value of entry_cache_timeout (or its
> default in turn of 5400).
>
> 2) These new cache values are stored as members of the sss_domain_info
> structure, which we have available pretty much everywhere in the
> providers.
>
> 3) It removes 'entry_cache_timeout' from the dp_opt lists for both the
> LDAP and IPA identity providers, in preference to the sss_domain_info
> structure.
>
> 4) The proxy provider no longer reads the entry_cache_timeout into its
> own proxy_id_ctx either, in preference to the sss_domain_info structure.
>
>
> There are also two minor additional fixes I included while adding these
> features. There were two places in the code where we were incorrectly
> using the entry_cache_timeout as the timeout value of an LDAP operation.
> Thus, it was possible to be stuck waiting 90 minutes (by default) for an
> LDAP server to reply. (This was only possible during nested group
> processing on FreeIPA servers, I believe).
Nack,
please rebase the patch on top of current master.
Where possible, don't give the sss_domain_info as an argument, it's part of
the sysdb_ctx and can be retrieved by sysdb_ctx_get_domain().
Other than that the patch looks fine, I haven't done any testing due to
inability to apply the patch.
Thanks
Jan
I'm rebasing the autofs patches on top of this one, so I attached a
patch rebased on current master.