[Pkg-openldap-devel] r699 - openldap/trunk-2.3/debian
Matthijs Mohlmann
matthijs at cacholong.nl
Wed Aug 2 17:43:54 UTC 2006
On Wed, 26 Jul 2006 14:57:03 -0400
Stephen Frost <sfrost at snowman.net> wrote:
> * Steve Langasek (vorlon at debian.org) wrote:
> > On Tue, Jul 25, 2006 at 08:33:51PM +0000, Matthijs Mohlmann wrote:
> > > + * Create a new user before slapd is stopped. It is possible that libnss-ldap
> > > + is using slapd on localhost which causes a hang in the upgrade procedure.
> > > + (Closes: #379728)
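Review bot: The first added line says "Create a new user" without naming the account or the maintainer script where the creation now happens, so a changelog reader cannot tell what changed in the upgrade path; name both. The entry also records only the reordering: the cause it gives (libnss-ldap using slapd on localhost) still applies whenever slapd is down, so state that this avoids the lookup during the stop window rather than the hang itself.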
> >
> > I don't think this is a correct solution at all. Why is getent group
> > hanging on this user's system? slapd being disabled shouldn't cause this;
> > it sounds to me like this is a buggy NSS configuration, probably caused by
> > the new stupid upstream defaults in libnss-ldap which the Debian maintainer
> > has confirmed over my objections.
> >
> > NSS hanging indefinitely due to a downed server is BROKEN BROKEN BROKEN, and
> > one-off workarounds for the symptoms are a disservice to our users.
>
> Users might also not particularly care for NSS lookups failing
> immediately when slapd is restarted. Of course, this is certainly
> configurable by the user: set bind_policy soft if you want NSS lookups
> to fail immediately on server failure. Additionally, it shouldn't
> actually hang indefinitely. It should look like this:
>
> tries 0:
>   Attempt connection to all URIs
> tries 1:
>   Attempt connection to all URIs
> tries 2:
>   sleep(4)
>   Attempt connection to all URIs
> tries 3:
>   sleep(8)
>   Attempt connection to all URIs
> tries 4:
>   sleep(16)
>   Attempt connection to all URIs
> tries 5:
>   sleep(32)
>   Attempt connection to all URIs
> tries 6:
>   sleep(64)
>   Attempt connection to all URIs
> fail
>
> There should also be log messages happening along the lines of:
> "nss_ldap: reconnecting to LDAP server (sleeping %d seconds)..."
>
> Or about 2 minutes per NSS call. Unfortunately, there could be quite a
> few NSS calls, though I'm somewhat skeptical about the 10 minute claim.
> I'm willing to drop the length of time till failure some but I'd like
> input from people on how long a slapd restart takes on decent sized
> directories. I don't think it's a good idea to have 'soft' be the
> default bind policy.
>
> Thanks,
>
> Stephen

Hi,

My situation is with around 10.000 entries in the database, and it will usually restart in a few seconds:

www0:~# time /etc/init.d/slapd restart
Stopping OpenLDAP: slapd.
Starting OpenLDAP: running BDB recovery, slapd.
real 0m2.435s
user 0m0.140s
sys 0m0.072s

This is with 2.2.23-8 (Sarge version).

And with 2.3.24-2:

test:~# time /etc/init.d/slapd restart
Stopping OpenLDAP: slapd.
Starting OpenLDAP: slapd.
real 0m0.244s
user 0m0.064s
sys 0m0.019s

Note that this is in a test environment.

Can someone with a database with more entries post results of how fast slapd restarts?

Regards,

Matthijs Mohlmann
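
Added example (not part of the original message, and not nss_ldap's own code): a Python model of the reconnect schedule quoted above, showing how long a single NSS call blocks for the restart times measured in this message and how many failing calls add up to ten minutes. It assumes a connection attempt to a stopped slapd fails instantly and that the call starts the moment slapd stops; all function names are hypothetical.

```python
import math

# Seconds slept before tries 0..6, taken from the schedule quoted in the thread.
SLEEPS_BEFORE_TRY = [0, 0, 4, 8, 16, 32, 64]


def attempt_times(sleeps=SLEEPS_BEFORE_TRY):
    """Elapsed time (s) at which each connection attempt is made."""
    times, elapsed = [], 0
    for s in sleeps:
        elapsed += s
        times.append(elapsed)
    return times


def lookup_outcome(downtime, policy="hard"):
    """Simulate one NSS call issued when slapd stops and stays down `downtime` s.

    Assumption: attempts against a stopped slapd fail instantly.
    Returns (succeeded, seconds_blocked, tries_used).
    """
    if policy == "soft":
        # bind_policy soft: fail immediately on server failure (per the thread).
        return (downtime <= 0, 0, 1)
    times = attempt_times()
    for n, t in enumerate(times):
        if t >= downtime:  # slapd is answering again at this attempt
            return (True, t, n + 1)
    return (False, times[-1], len(times))


def failing_calls_to_block(total_seconds):
    """Sequential failing lookups needed to block for `total_seconds`."""
    return math.ceil(total_seconds / attempt_times()[-1])


if __name__ == "__main__":
    # Restart times measured in this message, plus two constructed longer outages.
    for downtime in (0.244, 2.435, 30, 600):
        for policy in ("hard", "soft"):
            ok, blocked, tries = lookup_outcome(downtime, policy)
            print(f"down {downtime:>7}s {policy}: ok={ok} blocked={blocked}s tries={tries}")
    print("failing calls to reach 10 min:", failing_calls_to_block(600))
```

Under these assumptions even the 0.244 s restart costs a lookup 4 seconds with the hard policy, because the first two attempts happen back to back before any sleep.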