So it looks like changing libldap to use the tm_api timeout might have been a bad idea. All the existing apps assume that passing a NULL timeout gives an unlimited timeout. Now this is only true if there is no default timeout set in ldap.conf/ldaprc. If there is such a setting, then an app can't actually get an unlimited timeout unless it explicitly calls ldap_set_option() to override any value read from a config file.

Any thoughts? Without that change, the tm_api value is a no-op and totally useless. Perhaps it's an option that should not be valid in any config file, and only valid from an app?