Thomas Egerer wrote:
On 06/24/2011 09:15 PM, Howard Chu schrobtete:
> You appear to be using a very old version of OpenLDAP then.
This is correct, I am currently using openldap 2.1.30, still...
You're supposed to provide your version info at the *beginning* of the
discussion. OpenLDAP 2.1 was obsoleted in 2004.
> The LDAP_OPT_TIMEOUT setting will timeout any synchronous
> has done so since early 2007 at least.
... I cannot confirm this. Even when I use openldap 2.4.23 I can
reproduce my DoS-scenario by starting a 'nc -l localhost -p 389' and
performing an 'ldapsearch -l 5 -h localhost ...' which ends up in an
The "-l" option to ldapsearch sets the Search Request time limit, which is not
the same as the API timeout that LDAP_OPT_TIMEOUT controls.
>> I finally ended up with a custom function which
>> essentially does what I want, but I cannot figure out
>> To sum it up: any chance to get this upstream?
> No. The current code already works as desired.
I don't see that.
You're looking at the wrong thing.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/