On 5/21/19 4:12 PM, dee heffem wrote:
I'm calling a 3rd party 2FA API from within a password module in OpenLDAP. The 2FA API call sends an SMS push to a mobile device.
If the push does not return a result within 10 seconds, auth fails with what looks like a socket (tls_read) timeout. What is going on there and can this timeout be increased if that's what this is?
60 seconds would be more user friendly but after some experimentation with ldap_set_option() I've not been able to affect the connection timeout -- if that's what it is.
Is your overlay processing a single bind operation?
AFAIK the slapd worker thread is blocked for the whole processing time of a single bind operation. Thus I have some doubts that you want to implement an auth mechanism with such asynchronous characteristics in an overlay.