[Freeipa-devel] [PATCH] bind-dyndb-ldap: new parameter "timeout"

Adam Tkac atkac at redhat.com
Thu Jan 6 17:23:21 UTC 2011


Hello,

the attached patch introduces a new bind-dyndb-ldap parameter called
"timeout". It controls the timeout of LDAP queries and is set to
10 seconds by default.

The patch solves https://fedorahosted.org/bind-dyndb-ldap/ticket/3.

Regards, Adam

-- 
Adam Tkac, Red Hat, Inc.
-------------- next part --------------
>From ab991832581345bf40372fe7e1c488edb1567c1a Mon Sep 17 00:00:00 2001
From: Adam Tkac <atkac at redhat.com>
Date: Thu, 6 Jan 2011 18:17:14 +0100
Subject: [PATCH] Add new parameter - "timeout".

This parameter controls the timeout of LDAP queries. Resolvers generally
time out after 5 seconds, so a default of 10 seconds should be enough.

Solves ticket https://fedorahosted.org/bind-dyndb-ldap/ticket/3.

Signed-off-by: Adam Tkac <atkac at redhat.com>
---
 README            |    5 +++++
 src/ldap_helper.c |   11 ++++++++++-
 2 files changed, 15 insertions(+), 1 deletions(-)

diff --git a/README b/README
index 758f141..5c80344 100644
--- a/README
+++ b/README
@@ -139,6 +139,11 @@ zone_refresh (default 0)
 	a zone. If this option is set to 0, the LDAP driver will never refresh
 	the settings.
 
+timeout (default 10)
+	Timeout (in seconds) of the queries to the LDAP server. If the LDAP
+	server don't respond before this timeout then lookup is aborted and
+	BIND returns SERVFAIL. Value "0" means infinite timeout (no timeout).
+
 
 5.2 Sample configuration
 ------------------------
diff --git a/src/ldap_helper.c b/src/ldap_helper.c
index fbe9f9e..9659b9d 100644
--- a/src/ldap_helper.c
+++ b/src/ldap_helper.c
@@ -126,6 +126,7 @@ struct ldap_instance {
 	ld_string_t		*base;
 	unsigned int		connections;
 	unsigned int		reconnect_interval;
+	unsigned int		timeout;
 	ldap_auth_t		auth_method;
 	ld_string_t		*bind_dn;
 	ld_string_t		*password;
@@ -291,6 +292,7 @@ new_ldap_instance(isc_mem_t *mctx, const char *db_name,
 		{ "uri",	 no_default_string		},
 		{ "connections", default_uint(2)		},
 		{ "reconnect_interval", default_uint(60)	},
+		{ "timeout",	 default_uint(10)		},
 		{ "base",	 no_default_string		},
 		{ "auth_method", default_string("none")		},
 		{ "bind_dn",	 default_string("")		},
@@ -346,6 +348,7 @@ new_ldap_instance(isc_mem_t *mctx, const char *db_name,
 	ldap_settings[i++].target = ldap_inst->uri;
 	ldap_settings[i++].target = &ldap_inst->connections;
 	ldap_settings[i++].target = &ldap_inst->reconnect_interval;
+	ldap_settings[i++].target = &ldap_inst->timeout;
 	ldap_settings[i++].target = ldap_inst->base;
 	ldap_settings[i++].target = auth_method_str;
 	ldap_settings[i++].target = ldap_inst->bind_dn;
@@ -1258,6 +1261,7 @@ ldap_query(ldap_connection_t *ldap_conn, const char *base, int scope, char **att
 {
 	va_list ap;
 	isc_result_t result;
+	struct timeval timeout;
 
 	REQUIRE(ldap_conn != NULL);
 
@@ -1273,12 +1277,15 @@ ldap_query(ldap_connection_t *ldap_conn, const char *base, int scope, char **att
 		return ISC_R_FAILURE;
 	}
 
+	timeout.tv_sec = ldap_conn->database->timeout;
+	timeout.tv_usec = 0;
+
 	do {
 		int ret;
 
 		ret = ldap_search_ext_s(ldap_conn->handle, base, scope,
 					str_buf(ldap_conn->query_string),
-					attrs, attrsonly, NULL, NULL, NULL,
+					attrs, attrsonly, NULL, NULL, &timeout,
 					LDAP_NO_LIMIT, &ldap_conn->result);
 
 		if (ret == 0) {
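Review bot: A configured `timeout` of 0 is copied straight into `timeout.tv_sec` and `&timeout` is always passed to `ldap_search_ext_s()`, which does not obviously give the README's "0 means infinite timeout". As far as I know, OpenLDAP's libldap rejects a timeval with both fields zero (LDAP_PARAM_ERROR) rather than waiting indefinitely, so with that setting every query would fail; this should be confirmed against the libldap version in use. Passing NULL for the unlimited case makes the documented behaviour explicit: `struct timeval *tvp = (timeout.tv_sec != 0) ? &timeout : NULL;` and then `attrs, attrsonly, NULL, NULL, tvp,` in the call. A short comment at the assignment should also say that 0 removes the bound, so an unresponsive LDAP server can then stall lookups. ldap_query's body starts and ends outside this hunk.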
@@ -1697,6 +1704,8 @@ handle_connection_error(ldap_connection_t *ldap_conn, isc_result_t *result)
 			log_error("connection to the LDAP server was lost");
 		if (ldap_connect(ldap_conn) == ISC_R_SUCCESS)
 			return 1;
+	} else if (err_code == LDAP_TIMEOUT) {
+		log_error("LDAP query timed out. Try to adjust \"timeout\" parameter");
 	} else {
 		err_string = ldap_err2string(err_code);
 	}
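Review bot: The new `LDAP_TIMEOUT` branch logs a fixed string that does not say which timeout was in effect, and unlike the final `else` it leaves `err_string` unset. Including the configured value would make the line usable for triage, e.g. `log_error("LDAP query timed out after %u seconds; consider raising \"timeout\"", ldap_conn->database->timeout);`, assuming log_error accepts printf-style arguments. Whether later code relies on `err_string` or on the return value for this case cannot be seen here, because handle_connection_error continues outside the hunk.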
-- 
1.7.3.4


