Philip Guenther wrote:
On Tue, 17 Jul 2007, Emmanuel Dreyfus wrote:
> One last problem: if an LDAP server accepts the TCP connexion but remains
> hung after that (because slapd has been stopped with a kill -STOP for
> instance), then the client will just hang without trying the next
> server. Using something such as TIMELIMIT 1 in ldap.conf does not help.
> Any magic trick for that?
Nope. TIMELIMIT just sets the default for the value passed to the server
in the search request. There's no option for setting a default timeout to
be used by the ldap_result() call.
This has been changed in 2.4.
What's more, there's no API of any
sort for putting a timeout on TLS/SSL negotiation.
If you can suggest a clean way to do this, go right ahead.
A long-lived program that needs to impose a time limit on LDAP
that may include using ldap_starttls_s() or opening an ldaps URL basically
has to do so in one thread or process and do the timing out in a separate
thread or process.
(Or reimplement that part of the OpenLDAP API, I suppose.)
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
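
The workaround described in the message above (do the blocking LDAP call in one process and the timing out in another, then move on to the next server), as an added example that is not part of the original thread or of OpenLDAP. `blocking_op`, `fake_op` and the `.example` names are hypothetical stand-ins for the real LDAP work (such as ldap_starttls_s()), so it runs without a directory server.

```c
#include <poll.h>
#include <signal.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical stand-in for the blocking LDAP work; returns 0 on success. */
typedef int (*blocking_op)(const char *uri);

/* Run op(uri) in a child; return its result, or -1 if it exceeds timeout_ms. */
int run_with_deadline(blocking_op op, const char *uri, int timeout_ms)
{
    int fds[2];
    if (pipe(fds) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {                      /* child: make the blocking call */
        close(fds[0]);
        int rc = op(uri);
        ssize_t w = write(fds[1], &rc, sizeof rc);
        _exit(w == (ssize_t)sizeof rc ? 0 : 1);
    }
    close(fds[1]);                       /* parent: only reads the result */
    int rc = -1;
    struct pollfd p = { .fd = fds[0], .events = POLLIN };
    if (poll(&p, 1, timeout_ms) == 1) {  /* result ready, or child died */
        if (read(fds[0], &rc, sizeof rc) != (ssize_t)sizeof rc) rc = -1;
    } else {
        kill(pid, SIGKILL);              /* deadline passed: child is hung */
    }
    close(fds[0]);
    waitpid(pid, NULL, 0);               /* reap, so no zombie is left */
    return rc;
}

/* Try each URI in order; return the index of the first that succeeds, or -1. */
int first_responsive(blocking_op op, const char *const *uris, int n, int timeout_ms)
{
    for (int i = 0; i < n; i++)
        if (run_with_deadline(op, uris[i], timeout_ms) == 0)
            return i;
    return -1;
}

/* Constructed demo op: a URI starting with 'h' hangs like a stopped slapd. */
int fake_op(const char *uri)
{
    if (uri[0] == 'h') for (;;) pause();
    return 0;
}
```

Because the LDAP handle lives in the child, the child has to carry out the whole operation and send back only its result over the pipe.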