Reviewed: https://review.openstack.org/390948 Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=2d239cfbc37573f245e6560b42117828b73d19b9 Submitter: Jenkins Branch: master
commit 2d239cfbc37573f245e6560b42117828b73d19b9 Author: Kam Nasim <kam.na...@windriver.com> Date: Wed Jan 11 18:55:40 2017 +0000 Set connection timeout for LDAP configuration Presently the Identity LDAP driver does not set a connection timeout option which has the disadvantage of causing the Identity LDAP backend handler to stall indefinitely (or until TCP timeout) on LDAP bind, if a) the LDAP URL is incorrect, or b) there is a connection failure/link loss. This commit add a new option to set the LDAP connection timeout to set a new OPT_NETWORK_TIMEOUT option on the LDAP object. This will raise ldap.SERVER_DOWN exceptions on timeout. Signed-off-by: Kam Nasim <kam.na...@windriver.com> Closes-Bug: #1636950 Change-Id: I574e6368169ad60bef2cc990d2d410a638d1b770 ** Changed in: keystone Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1636950 Title: Set network connection timeout on Keystone Identity's LDAP backend to prevent stall on bind Status in OpenStack Identity (keystone): Fix Released Bug description: In our Mitaka deployment when setting up the Identity driver to use an external LDAP backend, if the URL of the LDAP server is incorrect or there is a network connectivity issue, it is seen that the ldap driver would stall indefinately (or until TCP timeout). This effects both LDAP connection pools and SimpleLDAP The LDAP configuration stanza (keystone.conf) provides a "pool_connection_timeout" option however this is not used anywhere within the LDAP driver. We have employed a fix downstream in our deployment which is to use this pool_connection_timeout value and set it as ldap.OPT_NETWORK_TIMEOUT so that the LDAP connection times out at the prescribed value without stalling indefinitely at the LDAP bind. To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1636950/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp