On 5/21/19 4:12 PM, dee heffem wrote: > I'm calling a 3rd party 2FA API from within a password module in > OpenLDAP. The 2FA API call sends an SMS push to a mobile device. > > If the push does not return a result within 10 seconds, auth > fails with what looks like a socket (tls_read) timeout[1]. What is going > on there and can this timeout be increased if that's what this is? > > 60 seconds would be more user friendly but after some experimentation > with ldap_set_option() I've not been able to affect the connection > timeout -- if that's what it is.
Is your overlay processing a single bind operation? AFAIK the slapd worker thread is blocked for the whole processing time of a single bind operation. Thus I have some doubts that you want to implement an auth mechanism with such asynchronous characteristics in an overlay. Ciao, Michael.
