On 5/21/19 4:31 PM, Michael Ströder wrote:
On 5/21/19 4:12 PM, dee heffem wrote:
<snip>>> 60 seconds would be more user friendly but after some experimentation
with ldap_set_option() I've not been able to affect the connection timeout -- if that's what it is.
It seems after reloading my OpenLDAP test server this morning, the ldap_set_option() timeout adjustment has indeed changed. I had merely restarted slapd yesterday and for whatever reason the timeout was unaffected.
Is your overlay processing a single bind operation?
AFAIK the slapd worker thread is blocked for the whole processing time of a single bind operation. Thus I have some doubts that you want to implement an auth mechanism with such asynchronous characteristics in an overlay.
Yes. Also, I now see what you mean. Testing simultaneous auth sessions was the next TODO after increasing the timeout. Alas, as you mention, when two users attempt a bind (ldapsearch -D for instance) User #2 does not get a push request until User #1 has finished auth. Blasted thing.
Can lutil_passwd_add() be told to run in another thread or something? Perhaps this is just digging a hole deeper however.
Thanks