[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldap_search_s(t) and time-outs

To: Greg B <ldapn00b@gmail.com>
Subject: Re: ldap_search_s(t) and time-outs
From: Pierangelo Masarati <ando@sys-net.it>
Date: Thu, 31 Aug 2006 15:05:26 +0200
Cc: OpenLDAP-software@OpenLDAP.org
In-reply-to: <2819a38c0608301739h1cb567a2pae53175ee6fee01a@mail.gmail.com>
References: <2819a38c0608301739h1cb567a2pae53175ee6fee01a@mail.gmail.com>
User-agent: Mail/News 1.5.0.5 (X11/20060808)

Greg B wrote:

Before I perform initial bind (using ldap_sasl_bind and SSL context),
I set LDAP_OPT_NETWORK_TIMEOUT to 5 seconds... this seems to work a
treat on the bind time-out. The problem occurs after I unplug the
network cable on the LDAP server machine and try to perform a
search using the LDAP session handle I obtained earlier.

char* attrs[] = {LDAP_NO_ATTRS, NULL};
LDAPMessage* res = NULL;
ldapRc = ldap_search_st(ld, baseDnUtf8.c_str(), scope,
filterUtf8.c_str(), attrs, FALSE, NULL, &res);

The ldap_search_st function call doesn't seem to return for at least
40-120 seconds. Before making this post I've tried everything I can
think of, including 1) setting LDAP_OPT_TIMELIMIT to 5 seconds... this
is supposedly setting the server-side limit, 2) initializing timeval
struct, setting tv_sec member to 5 and passing in an address of the
struct as the second-last parameter to ldap_search_st... this is
supposedly setting the client-side time-out, 3) calling ldap_search_s,
4) using Simple (username/password) authentication, instead of SSL. I
guess next thing on my TO-TRY list is doing a debug build of all
components and trying to track down in which OpenLDAP function the
wait occurs. I noticed (by looking in CVSWeb) that there was some fix
to wait4msg routine made post-version-2.1.2, wonder if that has any
bearing on my scenario.

any tips/suggestions/enlightenments would be appreciated

Network timeout is something different from a timelimit on a search operation. Network timeout has to do with establishing a connection, i.e. with the time waited fro before connect(2) returns, while any other operation has to do with waiting for a message on an already established connection, i.e. with the time waited for before select(2) (or poll(2) or whatever) returns, as opposed to waiting forever (or the like). Response is typically waited for by ldap_result(3), which allows a timeout argument. If you use synchronous operations, there's very little you can do, apart from searches, where ldap_search_ext_s(3) also allows a timelimit argument. Note that for searches the timelimit is the overall time limit for the entire operation, which may elapse, and terminate the operation, even if single intermediate responses were returned to the client. I'm not sure whether OpenLDAP 2.1.2 already implements ldap_search_ext_s(3) or not, but in any case this wouldn't be the only reason to recommend an upgrade.

p.

Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office:   +39.02.23998309
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it
------------------------------------------

References:
- ldap_search_s(t) and time-outs
  - From: "Greg B" <ldapn00b@gmail.com>

Prev by Date: Re: Setting limits on an ou, only
Next by Date: Re: errant SASL/GSSAPI setup?
Index(es):
- Chronological
- Thread