LDAP APIs confuse me. Can anyone tell me what's wrong with my code?
I call ldap_set_option() to set the LDAP_OPT_NETWORK_TIMEOUT or the LDAP_OPT_TIMEOUT option
before calling ldap_bind_s() or the non-synchronous APIs, but the authentication result still returns after almost 70
seconds. Am I missing something? (Note: my server is Windows Active Directory, simple authentication.)
    struct timeval tv_select_timeout;
    tv_select_timeout.tv_sec = 10;
    tv_select_timeout.tv_usec = 0;
    int t;
    t = ldap_set_option(pLdapConnection, LDAP_OPT_NETWORK_TIMEOUT, &tv_select_timeout);
    #ifdef BIND_TIME_CONTROL
    {
        /* Asynchronous bind: send the request, then wait for the reply with a timeout. */
        int msgid, err;
        LDAPMessage *result = NULL;
        char *error_msg;
        struct timeval tv;
        if ((msgid = ldap_simple_bind(pLdapConnection, pUserDN, pPassword)) == -1)
        {
            error_msg = NULL;
            ldap_get_option(pLdapConnection, LDAP_OPT_ERROR_STRING, &error_msg);
            if (error_msg != NULL)
            {
                ldap_memfree(error_msg);
            }
            ldap_unbind_s(pLdapConnection);
            return AUTH_AGENT_ERR_LDAPSIMPLEBIND_FAIL;
        }
        /* ldap_result() returns -1 on error and 0 when the timeout expires. */
        ret = ldap_result(pLdapConnection, msgid, LDAP_MSG_ALL, &tv_select_timeout, &result);
        if (ret == -1)
        {
            ldap_unbind_s(pLdapConnection);
            if (result != NULL)
                ldap_msgfree(result);
            return AUTH_AGENT_ERR_LDAPRESULT_FAIL;
        }
        else if (ret == 0)
        {
            /* timeout & result == NULL */
            ldap_unbind_s(pLdapConnection);
            if (result != NULL)
                ldap_msgfree(result);
            return AUTH_AGENT_ERR_LDAPRESULT_TIMEOUT;
        }
        /* Extract the bind result code; the last argument (1) frees result. */
        ret = ldap_result2error(pLdapConnection, result, 1);
    }
    #else
    {
        /* Synchronous bind */
        ret = ldap_bind_s(pLdapConnection, pUserDN, pPassword, LDAP_AUTH_SIMPLE);
    }
    #endif
lijx wrote:
LDAP APIs confuse me. Can anyone tell me what's wrong with my code?
I call ldap_set_option() to set the LDAP_OPT_NETWORK_TIMEOUT or the LDAP_OPT_TIMEOUT option
before calling ldap_bind_s() or the non-synchronous APIs, but the authentication result still returns after almost 70
seconds. Am I missing something? (Note: my server is Windows Active Directory, simple authentication.)
LDAP_OPT_NETWORK_TIMEOUT only acts at the connection level, which apparently is established successfully. ldap_bind_s(), which BTW is deprecated in favor of ldap_sasl_bind_s(), does not allow any timeout while waiting for the response. Until OpenLDAP 2.3, LDAP_OPT_TIMEOUT was not honored; only calling ldap_result() with an explicit timeout would allow timing out requests that take too long. The only way to make use of a timeout was to use the asynchronous API, as done in the code you submitted when BIND_TIME_CONTROL is defined. Since OpenLDAP 2.4, LDAP_OPT_TIMEOUT is honored by the library. Unfortunately you didn't specify what version of the API you're using.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it
Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati@sys-net.it
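The asynchronous pattern described in the reply above, written with the non-deprecated calls, as an added example that is not code from the thread or from the OpenLDAP project. It goes slightly beyond the thread by sharing one overall deadline between the connect and the wait for the bind response; bind_with_deadline, now_ms, time_left and the HAVE_LDAP_H build flag are names assumed for this example, and the libldap part compiles only with cc -DHAVE_LDAP_H file.c -lldap.

```c
#define _POSIX_C_SOURCE 200809L
#include <sys/time.h>
#include <time.h>
long long now_ms(void)  /* monotonic clock, so wall-clock steps cannot stretch the deadline */
{
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (long long)ts.tv_sec * 1000 + ts.tv_nsec / 1000000;
}

/* Fill tv with the time left until deadline_ms; return 0 once it has passed. */
int time_left(long long deadline_ms, long long now, struct timeval *tv)
{
    long long left = deadline_ms - now;
    if (left <= 0) return 0;
    tv->tv_sec  = left / 1000;
    tv->tv_usec = (left % 1000) * 1000;
    return 1;
}

#ifdef HAVE_LDAP_H  /* this example's own build flag: cc -DHAVE_LDAP_H file.c -lldap */
#include <string.h>
#include <ldap.h>
/* Added example: simple bind bounded by budget_ms overall; returns an LDAP result
 * code. Assumes uri is ldaps://, since a simple bind sends the password as-is. */
int bind_with_deadline(const char *uri, const char *dn, const char *pw, long budget_ms)
{
    LDAP *ld = NULL;
    LDAPMessage *res = NULL;
    struct timeval tv;
    int v3 = LDAP_VERSION3, msgid, rc, err = LDAP_OTHER;
    long long deadline = now_ms() + budget_ms;
    if (!pw || !*pw) return LDAP_INVALID_CREDENTIALS;  /* empty password = unauthenticated bind */
    if (!time_left(deadline, now_ms(), &tv)) return LDAP_TIMEOUT;
    if ((rc = ldap_initialize(&ld, uri)) != LDAP_SUCCESS) return rc;
    struct berval cred = { .bv_len = strlen(pw), .bv_val = (char *)pw };
    ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &v3);
    ldap_set_option(ld, LDAP_OPT_NETWORK_TIMEOUT, &tv);  /* bounds the connect only */
    rc = ldap_sasl_bind(ld, dn, LDAP_SASL_SIMPLE, &cred, NULL, NULL, &msgid);
    if (rc != LDAP_SUCCESS) goto done;
    if (!time_left(deadline, now_ms(), &tv)) { rc = LDAP_TIMEOUT; goto done; }
    rc = ldap_result(ld, msgid, LDAP_MSG_ALL, &tv, &res);  /* bounds the wait for the reply */
    if (rc == 0)  { rc = LDAP_TIMEOUT; goto done; }        /* server never answered in time */
    if (rc == -1) { ldap_get_option(ld, LDAP_OPT_RESULT_CODE, &rc); goto done; }
    if ((rc = ldap_parse_result(ld, res, &err, NULL, NULL, NULL, NULL, 1)) == LDAP_SUCCESS) rc = err;
done:
    ldap_unbind_ext_s(ld, NULL, NULL);  /* closes the connection, dropping any pending bind */
    return rc;
}
#endif
```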
Dear pierangelo.masarati: thanks a lot, I got it. Regards, lijx
-----Original Message-----
From: Pierangelo Masarati [mailto:ando@sys-net.it]
Sent: Saturday, April 19, 2008 5:41 AM
To: lijx
Cc: openldap-technical@openldap.org
Subject: Re: ldapbind() timeout can't work .