On 5/22/19 3:28 PM, dee heffem wrote:
> On 5/21/19 4:31 PM, Michael Ströder wrote:
>> Is your overlay processing a single bind operation?
>>
>> AFAIK the slapd worker thread is blocked for the whole processing time
>> of a single bind operation. Thus I have some doubts that you want to
>> implement an auth mechanism with such asynchronous characteristics in an
>> overlay.
>
> Yes. Also, I now see what you mean. Testing simultaneous auth sessions
> was the next TODO after increasing the timeout. Alas, as you mention,
> when two users attempt a bind (ldapsearch -D for instance) User #2 does
> not get a push request until User #1 has finished auth. Blasted thing.

I would not expect the 2nd request to block. I would expect the n+1 bind
operation to block with n being the value configured with slapd.conf
directive 'threads'.

> Can lutil_passwd_add() be told to run in another thread or
> something?
> Perhaps this is just digging a hole deeper however.

Each request is processed by a slapd worker-thread. But this means that
when setting

  threads n

in your slapd.conf only max. n bind operations can wait for push
message. The next one will block.

BTW: Not sure about the capabilities of the 2FA service you're using.
Such a service might serialize all your calls or have some other type of
rate-limiting in place.
Ciao, Michael.
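
Added example, not part of the original thread and not slapd or overlay code: a small Python simulation of the behaviour discussed above, where each bind occupies one worker of a fixed-size pool until the push is answered. The function name, the user names and the `settle` wait are assumptions made for the illustration.

```python
import threading
from concurrent.futures import ThreadPoolExecutor


def simulate_binds(threads, users, settle=0.2):
    """Model a pool of `threads` workers where each bind blocks on a 2FA push.

    Returns (pushed_while_pending, extra_push_seen, final_push_order).
    """
    pushed = []                        # users whose push request went out, in order
    lock = threading.Lock()
    push_sent = threading.Semaphore(0)
    approved = {u: threading.Event() for u in users}  # constructed stand-in for the push reply

    def bind(user):
        # This worker is occupied from here until the user answers the push.
        with lock:
            pushed.append(user)
        push_sent.release()
        approved[user].wait()          # blocking wait, as in a synchronous bind handler
        return user

    with ThreadPoolExecutor(max_workers=threads) as pool:
        futures = [pool.submit(bind, u) for u in users]
        for _ in range(min(threads, len(users))):
            push_sent.acquire()        # the first n binds each got a worker
        # Nobody has approved yet: does bind n+1 get its push anyway?
        extra = push_sent.acquire(timeout=settle)
        with lock:
            while_pending = list(pushed)
        # Approvals arrive; every finished bind frees one worker for a queued one.
        for u in users:
            approved[u].set()
        for f in futures:
            f.result()
    return while_pending, extra, list(pushed)


if __name__ == "__main__":
    # threads=1 reproduces "User #2 gets no push until User #1 has finished".
    print(simulate_binds(1, ["user1", "user2"]))
    # threads=2: two pushes go out at once, the third bind waits for a free worker.
    print(simulate_binds(2, ["user1", "user2", "user3"]))
```
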