I'm calling a 3rd party 2FA API from within a password module in OpenLDAP. The 2FA API call sends an SMS push to a mobile device.
If the push does not return a result within 10 seconds, auth fails with what looks like a socket (tls_read) timeout[1]. What is going on there and can this timeout be increased if that's what this is?
60 seconds would be more user friendly but after some experimentation with ldap_set_option() I've not been able to affect the connection timeout -- if that's what it is.
Thanks
------------------- push timed out ------------------------------
5ce4023e daemon: activity on 1 descriptor
5ce4023e daemon: activity on: 30r
5ce4023e daemon: read active on 30
5ce4023e daemon: epoll: listen=8 active_threads=0 tvp=zero
5ce4023e daemon: epoll: listen=9 active_threads=0 tvp=zero
5ce4023e daemon: epoll: listen=10 active_threads=0 tvp=zero
5ce4023e connection_get(30)
5ce4023e connection_get(30): got connid=1002
5ce4023e connection_read(30): checking for input on id=1002
ber_get_next
tls_read: want=5, got=5
  0000: 17 03 03 00 26 ....&
tls_read: want=38, got=38
  0000: 00 00 00 00 00 00 00 04 22 93 b3 d6 32 6d 6b c2 ........"...2mk.
  0010: 1c d2 4b 74 d9 87 8e c2 63 35 02 e4 5e 5f d6 76 ..Kt....c5..^_.v
  0020: b5 b4 8b d2 04 14 ......
ldap_read: want=8, got=8
  0000: 30 0c 02 01 05 60 07 02 0....`..
ldap_read: want=6, got=6
  0000: 01 03 04 00 80 00 ......
ber_get_next: tag 0x30 len 12 contents:
ber_dump: buf=0x7efc280008c0 ptr=0x7efc280008c0 end=0x7efc280008cc len=12
  0000: 02 01 05 60 07 02 01 03 04 00 80 00 ...`........
5ce4023e op tag 0x60, time 1558446654
5ce4023e connection_input: conn=1002 deferring operation: binding
ber_get_next
tls_read: want=5 error=Resource temporarily unavailable
ldap_read: want=8, got=0

5ce4023e daemon: activity on 1 descriptor
5ce4023e daemon: activity on:
5ce4023e daemon: epoll: listen=8 active_threads=0 tvp=zero
5ce4023e daemon: epoll: listen=9 active_threads=0 tvp=zero
5ce4023e daemon: epoll: listen=10 active_threads=0 tvp=zero
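
Added example, not part of the original post and not OpenLDAP code: a small BER decoder applied to the LDAPMessage bytes in the ldap_read/ber_dump lines above, to show what request slapd logged as "op tag 0x60" just before "deferring operation: binding". The names read_tlv, decode_ldap_message and LOGGED are hypothetical; the tag values are those defined in RFC 4511.

```python
# BER bytes copied from the log above: the "30 0c" header seen in the first
# ldap_read line, followed by the 12 content bytes printed by ber_dump.
LOGGED = bytes.fromhex("300c" "020105600702010304008000")

# LDAP protocolOp tags from RFC 4511 (a subset, enough to label log entries).
OPS = {0x60: "BindRequest", 0x61: "BindResponse", 0x42: "UnbindRequest",
       0x63: "SearchRequest", 0x50: "AbandonRequest", 0x77: "ExtendedRequest"}
AUTH = {0x80: "simple", 0xA3: "sasl"}  # AuthenticationChoice context tags

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for one definite-length BER element."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def decode_ldap_message(buf):
    """Decode messageID and protocolOp; expand the fields of a BindRequest."""
    tag, body, _ = read_tlv(buf)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    tag, val, pos = read_tlv(body)
    if tag != 0x02:
        raise ValueError("messageID is not an INTEGER")
    msg = {"message_id": int.from_bytes(val, "big")}
    op_tag, op, _ = read_tlv(body, pos)
    msg["op"] = OPS.get(op_tag, hex(op_tag))
    if op_tag == 0x60:  # BindRequest ::= version, name, authentication
        _, version, p = read_tlv(op)
        _, name, p = read_tlv(op, p)
        auth_tag, cred, _ = read_tlv(op, p)
        msg.update(version=int.from_bytes(version, "big"),
                   name=name.decode("utf-8", "replace"),
                   auth=AUTH.get(auth_tag, hex(auth_tag)),
                   credential_len=len(cred))  # length only, never the secret
    return msg

if __name__ == "__main__":
    print(decode_ldap_message(LOGGED))
```

On the logged bytes this returns messageID 5, a version 3 BindRequest with an empty name and a zero-length simple credential.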