Philip Guenther wrote:
On Tue, 17 Jul 2007, Emmanuel Dreyfus wrote:
One last problem: if a LDAP server accepts the TCP connexion but remain hung after that (because slapd has been stoped with a kill -STOP for instance), then the client will just hang without trying the next server. Using something such as TIMELIMIT 1 in ldap.conf does not help.
Any magic trick for that?
Nope. TIMELIMIT just sets the default for the value passed to the server in the search request. There's no option for setting a default timeout to be used by the ldap_result() call.
This has been changed in 2.4.
What's more, there's no API of any sort for putting a timeout on TLS/SSL negotiation.
If you can suggest a clean way to do this, go right ahead.
A long-lived program that needs to impose a time limit on LDAP operations that may include using ldap_starttls_s() or opening an ldaps URL basically has to do so in one thread or process and do the timing out in a separate thread or process.
(Or reimplement that part of the OpenLDAP API, I suppose.)
Philip Guenther Sendmail, Inc.