ejabberd icon indicating copy to clipboard operation
ejabberd copied to clipboard

Published 20 hours ago verified publisher icon processone

LDAP query timeout hard coded

Open photoninger opened this issue 6 years ago • 7 comments

What version of ejabberd are you using?

18.01

What operating system (version) are you using?

Debian stretch

How did you install ejabberd (source, package, distribution)?

dpkg from stretch-backports

What did not work as expected? Are there error messages in the log? What was the unexpected behavior? What was the expected result?

We are using LDAP-backend for our users which works fine for normal operations. But some ejabberdctl commands run in LDAP query timeouts (our LDAP server is not the fastest and we have a lot of users). E.g. "registered_users HOST" shows zero users or "ejabberdctl delete_old_users 30" deletes zero users.

Debug-Log:

16:01:02.002 [debug] <0.28499.0>@ejabberd_commands:do_execute_command:495 Executing command mod_admin_extra:delete_old_users with Args=[30]
16:01:02.003 [debug] <0.509.0>@eldap:send_command:776 {searchRequest,{'SearchRequest',<<"ou=XX,ou=XX,o=XX,c=XX">>,wholeSubtree,neverDerefAliases,0,5,false,{substrings,{'SubstringFilter',<<"UserEmail">>,[{final,<<"@HOST">>}]}},[<<"UserEmail">>]}}
16:01:15.182 [debug] <0.509.0>@eldap:recvd_packet:836 {searchResDone,{'LDAPResult',timeLimitExceeded,<<>>,<<>>,asn1_NOVALUE}}

For us people with slow LDAP servers it would be nice to have a config option for LDAP query timeouts instead of the hard coded value of 10sec.

photoninger avatar May 16 '18 16:05 photoninger

@photoninger: What is the status at this time with the current version?

Neustradamus avatar May 14 '23 13:05 Neustradamus

Still the same. Tested on Debian bullseye with ejabberd-21.12-1~bpo11+1 Tried to install ejabberd-23.01-1~bpo11+1 from bullseye-backports, but it fails because of unmet dependencies.

photoninger avatar May 15 '23 13:05 photoninger

There are several timeouts defined in https://github.com/processone/ejabberd/blob/dd2efc360b7f6371f870c56a1cf8c4a6c50b87df/src/eldap.erl#L95

Maybe one of those is the one affecting you? You could try investigate which one is relevant, so you can make amore precise feature proposal.

If it's a problem for you to compile a precise ejabberd version with a precise erlang version (which is recommended if you are using an existing operating system package), ping me and I'll check at some dockerfile and instructions to produce the *.beam files... this would allow to later simply copy eldap.beam to an existing server.

badlop avatar May 15 '23 18:05 badlop

@photoninger: Have you contacted @debalance about your problem? Have you upgraded your Debian?

Neustradamus avatar Mar 14 '24 02:03 Neustradamus

I am sorry, I still had no time to upgrade and test again. It is on my todo list...

photoninger avatar Mar 14 '24 09:03 photoninger

Finally i managed to upgrade to debian bookworm and ejabberd-23.10 from backports. ejabberdctl registered_users takes now about 5-6sec to run and lists all internal registered users, but no ldap users. debug logging shows a ldap search for all possible users is done and all entries are found, but none of them is listed in the output. But this might be another problem that only internal users are listed.

photoninger avatar May 02 '24 15:05 photoninger