search

processone / ejabberd

Robust, Ubiquitous and Massively Scalable Messaging Platform (XMPP, MQTT, SIP Server)
https://www.process-one.net/en/ejabberd/
Other
6k stars 1.5k forks source link

LDAP query timeout hard coded #2419

Open photoninger opened 6 years ago

photoninger commented 6 years ago

What version of ejabberd are you using?

18.01

What operating system (version) are you using?

Debian stretch

How did you install ejabberd (source, package, distribution)?

dpkg from stretch-backports

What did not work as expected? Are there error messages in the log? What was the unexpected behavior? What was the expected result?

We are using LDAP-backend for our users which works fine for normal operations. But some ejabberdctl commands run in LDAP query timeouts (our LDAP server is not the fastest and we have a lot of users). E.g. "registered_users HOST" shows zero users or "ejabberdctl delete_old_users 30" deletes zero users.

Debug-Log:

16:01:02.002 [debug] <0.28499.0>@ejabberd_commands:do_execute_command:495 Executing command mod_admin_extra:delete_old_users with Args=[30]
16:01:02.003 [debug] <0.509.0>@eldap:send_command:776 {searchRequest,{'SearchRequest',<<"ou=XX,ou=XX,o=XX,c=XX">>,wholeSubtree,neverDerefAliases,0,5,false,{substrings,{'SubstringFilter',<<"UserEmail">>,[{final,<<"@HOST">>}]}},[<<"UserEmail">>]}}
16:01:15.182 [debug] <0.509.0>@eldap:recvd_packet:836 {searchResDone,{'LDAPResult',timeLimitExceeded,<<>>,<<>>,asn1_NOVALUE}}

For us people with slow LDAP servers it would be nice to have a config option for LDAP query timeouts instead of the hard coded value of 10sec.

Neustradamus commented 1 year ago

@photoninger: What is the status at this time with the current version?

photoninger commented 1 year ago

Still the same. Tested on Debian bullseye with ejabberd-21.12-1~bpo11+1 Tried to install ejabberd-23.01-1~bpo11+1 from bullseye-backports, but it fails because of unmet dependencies.

badlop commented 1 year ago

There are several timeouts defined in https://github.com/processone/ejabberd/blob/dd2efc360b7f6371f870c56a1cf8c4a6c50b87df/src/eldap.erl#L95

Maybe one of those is the one affecting you? You could try investigate which one is relevant, so you can make amore precise feature proposal.

If it's a problem for you to compile a precise ejabberd version with a precise erlang version (which is recommended if you are using an existing operating system package), ping me and I'll check at some dockerfile and instructions to produce the *.beam files... this would allow to later simply copy eldap.beam to an existing server.

Neustradamus commented 3 months ago

@photoninger: Have you contacted @debalance about your problem? Have you upgraded your Debian?

photoninger commented 3 months ago

I am sorry, I still had no time to upgrade and test again. It is on my todo list...

photoninger commented 2 months ago

Finally i managed to upgrade to debian bookworm and ejabberd-23.10 from backports. ejabberdctl registered_users takes now about 5-6sec to run and lists all internal registered users, but no ldap users. debug logging shows a ldap search for all possible users is done and all entries are found, but none of them is listed in the output. But this might be another problem that only internal users are listed.