Re: Changing timeouts from a slapd module
On 5/21/19 4:31 PM, Michael Ströder wrote:
On 5/21/19 4:12 PM, dee heffem wrote:
<snip>>> 60
seconds would be more user friendly but after some
experimentation
> with ldap_set_option() I've not been able to affect the
connection
> timeout -- if that's what it is.
It seems after reloading my OpenLDAP test server this morning, the
ldap_set_option() timeout adjustment has indeed changed. I had merely
restarted slapd yesterday and for whatever reason the timeout
was unaffected.
Is your overlay processing a single bind operation?
AFAIK the slapd worker thread is blocked for the whole processing time
of a single bind operation. Thus I have some doubts that you want to
implement an auth mechanism with such asynchronous characteristics in an
overlay.
Yes. Also, I now see what you mean. Testing simultaneous auth sessions
was the next TODO after increasing the timeout. Alas, as you mention,
when two users attempt a bind (ldapsearch -D for instance) User #2 does
not get a push request until User #1 has finished auth. Blasted thing.
Can lutil_passwd_add() be told to run in another thread or something?
Perhaps this is just digging a hole deeper however.
Thanks