Hello, the attached patch introduces a new bind-dyndb-ldap parameter called "timeout". It controls the timeout of LDAP queries and is set to 10 seconds by default.
The patch solves https://fedorahosted.org/bind-dyndb-ldap/ticket/3. Regards, Adam -- Adam Tkac, Red Hat, Inc.
>From ab991832581345bf40372fe7e1c488edb1567c1a Mon Sep 17 00:00:00 2001 From: Adam Tkac <at...@redhat.com> Date: Thu, 6 Jan 2011 18:17:14 +0100 Subject: [PATCH] Add new parameter - "timeout". This parameter controls timeout of the LDAP queries. Generally timeout of resolvers is 5 seconds so 10 seconds by default should be enough. Solves ticket https://fedorahosted.org/bind-dyndb-ldap/ticket/3. Signed-off-by: Adam Tkac <at...@redhat.com> --- README | 5 +++++ src/ldap_helper.c | 11 ++++++++++- 2 files changed, 15 insertions(+), 1 deletions(-) diff --git a/README b/README index 758f141..5c80344 100644 --- a/README +++ b/README @@ -139,6 +139,11 @@ zone_refresh (default 0) a zone. If this option is set to 0, the LDAP driver will never refresh the settings. +timeout (default 10) + Timeout (in seconds) of the queries to the LDAP server. If the LDAP + server don't respond before this timeout then lookup is aborted and + BIND returns SERVFAIL. Value "0" means infinite timeout (no timeout). + 5.2 Sample configuration ------------------------ diff --git a/src/ldap_helper.c b/src/ldap_helper.c index fbe9f9e..9659b9d 100644 --- a/src/ldap_helper.c +++ b/src/ldap_helper.c @@ -126,6 +126,7 @@ struct ldap_instance { ld_string_t *base; unsigned int connections; unsigned int reconnect_interval; + unsigned int timeout; ldap_auth_t auth_method; ld_string_t *bind_dn; ld_string_t *password; @@ -291,6 +292,7 @@ new_ldap_instance(isc_mem_t *mctx, const char *db_name, { "uri", no_default_string }, { "connections", default_uint(2) }, { "reconnect_interval", default_uint(60) }, + { "timeout", default_uint(10) }, { "base", no_default_string }, { "auth_method", default_string("none") }, { "bind_dn", default_string("") }, 
@@ -346,6 +348,7 @@ new_ldap_instance(isc_mem_t *mctx, const char *db_name, ldap_settings[i++].target = ldap_inst->uri; ldap_settings[i++].target = &ldap_inst->connections; ldap_settings[i++].target = &ldap_inst->reconnect_interval; + ldap_settings[i++].target = &ldap_inst->timeout; ldap_settings[i++].target = ldap_inst->base; ldap_settings[i++].target = auth_method_str; ldap_settings[i++].target = ldap_inst->bind_dn; @@ -1258,6 +1261,7 @@ ldap_query(ldap_connection_t *ldap_conn, const char *base, int scope, char **att { va_list ap; isc_result_t result; + struct timeval timeout; REQUIRE(ldap_conn != NULL); @@ -1273,12 +1277,15 @@ ldap_query(ldap_connection_t *ldap_conn, const char *base, int scope, char **att return ISC_R_FAILURE; } + timeout.tv_sec = ldap_conn->database->timeout; + timeout.tv_usec = 0; + do { int ret; ret = ldap_search_ext_s(ldap_conn->handle, base, scope, str_buf(ldap_conn->query_string), - attrs, attrsonly, NULL, NULL, NULL, + attrs, attrsonly, NULL, NULL, &timeout, LDAP_NO_LIMIT, &ldap_conn->result); if (ret == 0) { @@ -1697,6 +1704,8 @@ handle_connection_error(ldap_connection_t *ldap_conn, isc_result_t *result) log_error("connection to the LDAP server was lost"); if (ldap_connect(ldap_conn) == ISC_R_SUCCESS) return 1; + } else if (err_code == LDAP_TIMEOUT) { + log_error("LDAP query timed out. Try to adjust \"timeout\" parameter"); } else { err_string = ldap_err2string(err_code); } -- 1.7.3.4
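Review bot: In the `ldap_query` hunk (`@@ -1273,12 +1277,15 @@`), `&timeout` is passed to `ldap_search_ext_s` even when the setting is 0, so the call receives a timeval of {0, 0}. The README text added by this patch says 0 means no timeout, but OpenLDAP's libldap, as far as I know, rejects an all-zero timeval with `LDAP_PARAM_ERROR` rather than waiting indefinitely; this should be confirmed against the libldap in use, because if it holds, every lookup fails once an administrator sets `timeout 0`. Passing a null pointer in that case keeps the documented meaning: use `ldap_conn->database->timeout != 0 ? &timeout : NULL` as the timeout argument. An unbounded wait also lets an unresponsive LDAP server stall lookups, so the README entry could note that 0 removes that protection. The body of `ldap_query` starts and ends outside the hunk.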
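Review bot: The new `LDAP_TIMEOUT` branch in `handle_connection_error` (`@@ -1697,6 +1704,8 @@`) leaves `err_string` unassigned, unlike the final `else`, which sets it from `ldap_err2string(err_code)`. The code after the chain is outside this hunk, but if it logs `err_string`, the timeout path would print whatever the variable was initialised to; adding `err_string = ldap_err2string(err_code);` to the branch keeps the paths consistent. Because libldap presumably also sends `tv_sec` to the server as the search time limit, the server may answer with `LDAP_TIMELIMIT_EXCEEDED` before the client-side timer fires, and that result falls through to the generic branch without the hint. `else if (err_code == LDAP_TIMEOUT || err_code == LDAP_TIMELIMIT_EXCEEDED)` would cover both cases.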