I'm calling a third-party 2FA API from within a password module in
OpenLDAP. The 2FA API call sends an SMS push to a mobile device.
If the push does not return a result within 10 seconds, auth
fails with what looks like a socket (tls_read) timeout[1]. What is going
on there, and can this timeout be increased if that's what this is?
60 seconds would be more user-friendly, but after some experimentation
with ldap_set_option() I've not been able to affect the connection
timeout -- if that's what it is.

Thanks

------------------- push timed out ------------------------------
5ce4023e daemon: activity on 1 descriptor
5ce4023e daemon: activity on: 30r
5ce4023e daemon: read active on 30
5ce4023e daemon: epoll: listen=8 active_threads=0 tvp=zero
5ce4023e daemon: epoll: listen=9 active_threads=0 tvp=zero
5ce4023e daemon: epoll: listen=10 active_threads=0 tvp=zero
5ce4023e connection_get(30)
5ce4023e connection_get(30): got connid=1002
5ce4023e connection_read(30): checking for input on id=1002
ber_get_next
tls_read: want=5, got=5
0000: 17 03 03 00 26 ....&
tls_read: want=38, got=38
0000: 00 00 00 00 00 00 00 04 22 93 b3 d6 32 6d 6b c2
........"...2mk.
0010: 1c d2 4b 74 d9 87 8e c2 63 35 02 e4 5e 5f d6 76
..Kt....c5..^_.v
0020: b5 b4 8b d2 04 14 ......
ldap_read: want=8, got=8
0000: 30 0c 02 01 05 60 07 02 0....`..
ldap_read: want=6, got=6
0000: 01 03 04 00 80 00 ......
ber_get_next: tag 0x30 len 12 contents:
ber_dump: buf=0x7efc280008c0 ptr=0x7efc280008c0 end=0x7efc280008cc len=12
0000: 02 01 05 60 07 02 01 03 04 00 80 00 ...`........
5ce4023e op tag 0x60, time 1558446654
5ce4023e connection_input: conn=1002 deferring operation: binding
ber_get_next
tls_read: want=5 error=Resource temporarily unavailable
ldap_read: want=8, got=0
5ce4023e daemon: activity on 1 descriptor
5ce4023e daemon: activity on:
5ce4023e daemon: epoll: listen=8 active_threads=0 tvp=zero
5ce4023e daemon: epoll: listen=9 active_threads=0 tvp=zero
5ce4023e daemon: epoll: listen=10 active_threads=0 tvp=zero
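
Added example (not part of the original post and not OpenLDAP code): a small Python decoder for the 14 bytes that ldap_read/ber_dump print in the log above, to show which LDAP operation carries op tag 0x60. The function names are this example's own, and only definite-length BER as it appears in the log is handled.

```python
# Constructed input: the 14 bytes printed by ldap_read/ber_dump in the log above.
LOGGED = bytes.fromhex("300c020105600702010304008000")

AUTH_CHOICES = {0x80: "simple", 0xA3: "sasl"}  # RFC 4511 AuthenticationChoice tags

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one definite-length BER element."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def expect(buf, pos, want_tag, what):
    """Read one element and insist on its tag."""
    tag, value, nxt = read_tlv(buf, pos)
    if tag != want_tag:
        raise ValueError(f"{what}: expected tag 0x{want_tag:02x}, got 0x{tag:02x}")
    return value, nxt

def decode_bind_request(msg):
    """Decode an LDAPMessage carrying a BindRequest (op tag 0x60)."""
    body, _ = expect(msg, 0, 0x30, "LDAPMessage")
    msgid, pos = expect(body, 0, 0x02, "messageID")
    op, _ = expect(body, pos, 0x60, "BindRequest")
    version, pos = expect(op, 0, 0x02, "version")
    name, pos = expect(op, pos, 0x04, "name")
    auth_tag, cred, _ = read_tlv(op, pos)
    return {
        "message_id": int.from_bytes(msgid, "big"),
        "version": int.from_bytes(version, "big"),
        "name": name.decode("utf-8"),
        "auth": AUTH_CHOICES.get(auth_tag, f"unknown(0x{auth_tag:02x})"),
        "credential_len": len(cred),  # report the length only, never the secret
    }

if __name__ == "__main__":
    print(decode_bind_request(LOGGED))
```

The bytes decode to a BindRequest with message ID 5, LDAPv3, an empty name and a zero-length simple credential, which is the request slapd reports in the line `connection_input: conn=1002 deferring operation: binding`.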