10 messages in org.openldap.openldap-softwareclient timeouts [was: Re: multiple se...
FromSent OnAttachments
Emmanuel DreyfusJul 16, 2007 6:04 am 
Quanah Gibson-MountJul 16, 2007 8:13 am 
Emmanuel DreyfusJul 17, 2007 2:49 pm 
Emmanuel DreyfusJul 17, 2007 2:58 pm 
Dieter KluenterJul 17, 2007 8:15 pm 
Emmanuel DreyfusJul 17, 2007 9:44 pm 
Philip GuentherJul 17, 2007 11:07 pm 
Howard ChuJul 18, 2007 3:00 am 
Emmanuel DreyfusJul 18, 2007 5:30 am 
Howard ChuJul 18, 2007 8:34 am 
Actions with this message:
Paste this link in email or IM:
Paste this link in email or IM:
Atom feed for this thread
Paste this URL into your reader:
Subject:client timeouts [was: Re: multiple servers in DNS and TLS]Actions...
From:Philip Guenther (guen@sendmail.com)
Date:Jul 17, 2007 11:07:32 pm
List:org.openldap.openldap-software

On Tue, 17 Jul 2007, Emmanuel Dreyfus wrote:

One last problem: if a LDAP server accepts the TCP connexion but remain hung after that (because slapd has been stoped with a kill -STOP for instance), then the client will just hang without trying the next server. Using something such as TIMELIMIT 1 in ldap.conf does not help.

Any magic trick for that?

Nope. TIMELIMIT just sets the default for the value passed to the server in the search request. There's no option for setting a default timeout to be used by the ldap_result() call. What's more, there's no API of any sort for putting a timeout on TLS/SSL negotiation.

A long-lived program that needs to impose a time limit on LDAP operations that may include using ldap_starttls_s() or opening an ldaps URL basically has to do so in one thread or process and do the timing out in a separate thread or process.

(Or reimplement that part of the OpenLDAP API, I suppose.)

Philip Guenther Sendmail, Inc.