https://bugs.openldap.org/show_bug.cgi?id=9829
--- Comment #4 from slash@aceslash.net ---
Hello,
I have also been bitten by this. This can actually create a situation where the whole server is unresponsive: if a remote system is down, all connections trying to use the remoteauth overlay will have to wait until the timeout (more than 2 minutes on my test system).
This situation can escalate quickly and block all connections on an OpenLDAP server, even the ones that don't use remoteauth.
I'm talking from experience here: both Active Directory servers were unavailable and it basically killed the whole OpenLDAP cluster for us.
The fix was to replace the addresses of the remote ADs with IPs that were responding but had no LDAP port open; in this case the operation returns instantly.
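
The difference reported above between a host that is down (the caller waits for the TCP timeout) and a host that is up with the port closed (the connection is refused at once) can be measured with a bounded connect probe. This is an added example, not part of the original comment and not OpenLDAP code; the function names, the 3-second bound and the sample addresses are assumptions made for illustration.

```python
import errno
import socket
import time


def probe(host, port, timeout=3.0):
    """Classify one TCP endpoint and report how long the caller was blocked.

    "refused" means the host answered with a reset (fast failure).
    "timeout" means nothing answered within the bound: the case that
    stalls a client which has no connect timeout of its own.
    """
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout):
            state = "open"
    except ConnectionRefusedError:
        state = "refused"
    except (socket.timeout, TimeoutError):
        state = "timeout"
    except OSError as exc:
        unreachable = (errno.EHOSTUNREACH, errno.ENETUNREACH)
        state = "unreachable" if exc.errno in unreachable else "error"
    return state, time.monotonic() - start


def stalling_targets(targets, timeout=3.0):
    """Return the (host, port) pairs that would block a caller until timeout."""
    stalled = []
    for host, port in targets:
        state, _elapsed = probe(host, port, timeout)
        if state == "timeout":
            stalled.append((host, port))
    return stalled


if __name__ == "__main__":
    # Constructed sample targets (documentation address range), not from the report.
    sample = [("192.0.2.10", 389), ("192.0.2.11", 389)]
    for host, port in sample:
        state, elapsed = probe(host, port)
        print(f"{host}:{port} {state} after {elapsed:.2f}s")
    print("would stall callers:", stalling_targets(sample))
```

Run from the LDAP server itself, a monitoring job built on this can flag remote authentication targets that silently drop connections before client binds start queuing behind them.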