On 5/22/19 3:28 PM, dee heffem wrote:
On 5/21/19 4:31 PM, Michael Ströder wrote:
Is your overlay processing a single bind operation?
AFAIK the slapd worker thread is blocked for the whole processing time of a single bind operation. Thus I have some doubts that you want to implement an auth mechanism with such asynchronous characteristics in an overlay.
Yes. Also, I now see what you mean. Testing simultaneous auth sessions was the next TODO after increasing the timeout. Alas, as you mention, when two users attempt a bind (ldapsearch -D for instance) User #2 does not get a push request until User #1 has finished auth. Blasted thing.
I would not expect the 2nd request to block. I would expect the n+1 bind operation to block with n being the value configured with slapd.conf directive 'threads'.
Can lutil_passwd_add() be told to run in another thread or something? Perhaps this is just digging a hole deeper however.
Each request is processed by a slapd worker-thread. But this means that when setting
threads n
in your slapd.conf only max. n bind operations can wait for push message. The next one will block
BTW: Not sure about the capabilities of the 2FA service you're using. Such a service might serialize all your calls or have some other type of rate-limiting in place.
Ciao, Michael.