[Freeipa-devel] [PATCH] bind-dyndb-ldap: new parameter "timeout"
Adam Tkac
atkac at redhat.com
Thu Jan 6 17:23:21 UTC 2011
Hello,
the attached patch introduces a new bind-dyndb-ldap parameter called
"timeout". It controls the timeout of LDAP queries and by default is
set to 10 seconds.
The patch solves https://fedorahosted.org/bind-dyndb-ldap/ticket/3.
Regards, Adam
--
Adam Tkac, Red Hat, Inc.
-------------- next part --------------
>From ab991832581345bf40372fe7e1c488edb1567c1a Mon Sep 17 00:00:00 2001
From: Adam Tkac <atkac at redhat.com>
Date: Thu, 6 Jan 2011 18:17:14 +0100
Subject: [PATCH] Add new parameter - "timeout".
This parameter controls the timeout of LDAP queries. Generally the timeout
of resolvers is 5 seconds, so 10 seconds by default should be enough.
Solves ticket https://fedorahosted.org/bind-dyndb-ldap/ticket/3.
Signed-off-by: Adam Tkac <atkac at redhat.com>
---
README | 5 +++++
src/ldap_helper.c | 11 ++++++++++-
2 files changed, 15 insertions(+), 1 deletions(-)
diff --git a/README b/README
index 758f141..5c80344 100644
--- a/README
+++ b/README
@@ -139,6 +139,11 @@ zone_refresh (default 0)
a zone. If this option is set to 0, the LDAP driver will never refresh
the settings.
+timeout (default 10)
+ Timeout (in seconds) of the queries to the LDAP server. If the LDAP
+ server don't respond before this timeout then lookup is aborted and
+ BIND returns SERVFAIL. Value "0" means infinite timeout (no timeout).
+
5.2 Sample configuration
------------------------
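Review bot: The added README paragraph has a grammar slip, "If the LDAP server don't respond" should read "doesn't respond", and it would help to state that the value is in whole seconds and applies to each LDAP search, since the code stores it in an unsigned int and sets tv_usec to 0. The sentence about "0" meaning no timeout should be checked against what ldap_query actually passes to the library for that value.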
diff --git a/src/ldap_helper.c b/src/ldap_helper.c
index fbe9f9e..9659b9d 100644
--- a/src/ldap_helper.c
+++ b/src/ldap_helper.c
@@ -126,6 +126,7 @@ struct ldap_instance {
ld_string_t *base;
unsigned int connections;
unsigned int reconnect_interval;
+ unsigned int timeout;
ldap_auth_t auth_method;
ld_string_t *bind_dn;
ld_string_t *password;
@@ -291,6 +292,7 @@ new_ldap_instance(isc_mem_t *mctx, const char *db_name,
{ "uri", no_default_string },
{ "connections", default_uint(2) },
{ "reconnect_interval", default_uint(60) },
+ { "timeout", default_uint(10) },
{ "base", no_default_string },
{ "auth_method", default_string("none") },
{ "bind_dn", default_string("") },
@@ -346,6 +348,7 @@ new_ldap_instance(isc_mem_t *mctx, const char *db_name,
ldap_settings[i++].target = ldap_inst->uri;
ldap_settings[i++].target = &ldap_inst->connections;
ldap_settings[i++].target = &ldap_inst->reconnect_interval;
+ ldap_settings[i++].target = &ldap_inst->timeout;
ldap_settings[i++].target = ldap_inst->base;
ldap_settings[i++].target = auth_method_str;
ldap_settings[i++].target = ldap_inst->bind_dn;
@@ -1258,6 +1261,7 @@ ldap_query(ldap_connection_t *ldap_conn, const char *base, int scope, char **att
{
va_list ap;
isc_result_t result;
+ struct timeval timeout;
REQUIRE(ldap_conn != NULL);
@@ -1273,12 +1277,15 @@ ldap_query(ldap_connection_t *ldap_conn, const char *base, int scope, char **att
return ISC_R_FAILURE;
}
+ timeout.tv_sec = ldap_conn->database->timeout;
+ timeout.tv_usec = 0;
+
do {
int ret;
ret = ldap_search_ext_s(ldap_conn->handle, base, scope,
str_buf(ldap_conn->query_string),
- attrs, attrsonly, NULL, NULL, NULL,
+ attrs, attrsonly, NULL, NULL, &timeout,
LDAP_NO_LIMIT, &ldap_conn->result);
if (ret == 0) {
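Review bot: With "timeout" set to 0, the lines added before the do loop build a struct timeval of {0, 0} and pass its address to ldap_search_ext_s, whereas the old code passed NULL. The README promises that 0 means no timeout, so verify that the LDAP library treats a zeroed timeval as infinite rather than rejecting it or expiring immediately. A safer form is to pass NULL when ldap_conn->database->timeout is 0 and &timeout otherwise. Note also that the unsigned int setting is assigned to tv_sec without any upper bound check.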
@@ -1697,6 +1704,8 @@ handle_connection_error(ldap_connection_t *ldap_conn, isc_result_t *result)
log_error("connection to the LDAP server was lost");
if (ldap_connect(ldap_conn) == ISC_R_SUCCESS)
return 1;
+ } else if (err_code == LDAP_TIMEOUT) {
+ log_error("LDAP query timed out. Try to adjust \"timeout\" parameter");
} else {
err_string = ldap_err2string(err_code);
}
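Review bot: The new LDAP_TIMEOUT branch in handle_connection_error leaves err_string unassigned, unlike the final else branch, which sets it from ldap_err2string(err_code); check that the code following this chain does not log or otherwise use err_string on the timeout path. The log line would be more useful to an operator if it included the configured timeout value, and "Try to adjust" could be worded as "consider raising the \"timeout\" parameter".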
--
1.7.3.4