Posted to users@subversion.apache.org by Philipp Gühring <pg...@futureware.at> on 2012/02/29 12:31:36 UTC
Subversion-LDAP problems
Hi,
I am having a problem with Subversion+LDAP:
I have a repository with approximately a million files.
The Subversion client sends an HTTP request to the Apache server for every file.
I am using LDAP authentication for Apache+Subversion.
mod_ldap caches some searches, but it still does one LDAP request per HTTP
request to authenticate the user.
The LDAP server I am using does not allow too many requests in a short
timeframe,
and returns "Administrative Limit Exceeded" LDAP errors when receiving too
many requests.
Apache mod_ldap treats Administrative Limit Exceeded errors as errors,
does not retry, and delivers a 500 Internal Server Error to the svn client.
The svn client treats a 500 Internal Server Error as an error, and
rolls-back the whole action (commit).
Practically, it's impossible with this setup to commit a larger amount of
files at once, the commit never works.
I already asked the LDAP server admins to change from returning 500 to
making a delay and returning a valid LDAP response instead.
I already asked Apache mod_ldap to improve caching the authentication
responses.
Now my suggestion for the Subversion client is to add functionality to be able to
automatically retry (after a few seconds and only a few times) a request
in case it received a 500 HTTP error.
It would be good if it is possible to set options for how often to retry,
and/or how often to wait.
For the Subversion server / Apache (I don't know exactly which module does
what in this code-path), I think it is perhaps an idea to map the LDAP
"Administrative Limit exceeded" to a temporary error, which can be better
detected by a client and be retried by the client.
Best regards,
Philipp Gühring
Re: Subversion-LDAP problems
Posted by Daniel Shahaf <da...@elego.de>.
Philipp Gühring wrote on Wed, Feb 29, 2012 at 12:31:36 +0100:
> Hi,
>
> I am having a problem with Subversion+LDAP:
> I have a repository with approximately a million files.
> The Subversion client sends an HTTP request to the Apache server for every file.
What kind of requests? GETs or PUTs?
Are you using ra_serf? Try switching to ra_neon. (See 'svn --version'.)
> Now my suggestion for the Subversion client is to add functionality to be able to
> automatically retry (after a few seconds and only a few times) a request
> in case it received a 500 HTTP error.
> It would be good if it is possible to set options for how often to retry,
> and/or how often to wait.
>
> For the Subversion server / Apache (I don't know exactly which module does
> what in this code-path), I think it is perhaps an idea to map the LDAP
> "Administrative Limit exceeded" to a temporary error, which can be better
> detected by a client and be retried by the client.
>
Subversion does not directly interface with LDAP. Either httpd handles
everything itself, or it exposes to us a non-LDAP-specific authnz API.
> Best regards,
> Philipp Gühring
>
HTH. I'm not an httpd expert, though, so others here (or perhaps on
users@httpd) may have better ideas.