Full_Name: Sean Finney
Version: 2.4.21-0ubuntu5.5
OS: Ubuntu Lucid
URL:
Submission from: (NULL) (213.115.10.98)

We have an ldap.conf with URI ldap://corp.net where corp.net resolves to a list of about 20 round-robin balanced A records, all of which are windows-based domain controllers for the site. Recently, a hiccup in change control ended up with 3 of these servers being offline but remaining in DNS. Therefore, with about 3/20 probability ldapsearch and friends will just sit and hang waiting for packets to return from the void until the TCP/IP RTT timeout is reached.

It would be nice if ldapsearch could, either by default or as an option, have some way of iteratively trying all of the returned DNS records in the face of such failure (which could also be from some form of network hiccup, or a crashed server). Bonus points if it could somehow be pre-emptive (i.e. not waiting for the entire TCP/IP RTT timeout before trying another server).

Of course another alternative would be for us to duplicate the information from DNS into multiple servers listed in URI, but that seems... duplicative. But in any event I did a quick search of the issue system and didn't see a documented position on the matter so I figured I could at least post this and see what you think :)
As far as I understand from the code, libldap already behaves like that, i.e. it loops through all the hosts returned by getaddrinfo(3). What's missing (in your configuration of ldapsearch) is a network timeout parameter. Right now, you can set it either using NETWORK_TIMEOUT in ldap.conf(5) or passing the command-line switch -o nettimeout=<timeout>. I understand the latter is not documented in ldapsearch(1), although it appears in the usage message of all tools.

As I'd consider this issue a software usage question rather than a bug (except for the missing documentation), I encourage you to continue discussion on the openldap-technical mailing list.

p.
changed notes moved from Incoming to Documentation
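The behaviour the reply describes, shown as an added example that is not part of this ITS thread and not OpenLDAP's own code: walk every address that getaddrinfo(3) returns for the URI host, bound each connect() by the network timeout (the equivalent of NETWORK_TIMEOUT in ldap.conf or -o nettimeout=), and fall through to the next address when a host hangs or refuses. The hostname corp.net, the port and the timeout value are assumptions; the stand-alone demo uses local sockets so it runs offline.

```python
import socket
import time

LDAP_PORT = 389          # assumed; plain ldap:// as in the reporter's URI
NET_TIMEOUT_S = 5.0      # assumed; what NETWORK_TIMEOUT / -o nettimeout= would hold


def resolve(hostname, port=LDAP_PORT):
    """Return the distinct (ip, port) pairs DNS hands back, in returned order.

    This is the getaddrinfo(3) list libldap walks; for the reporter's setup
    it would be the ~20 round-robin A records behind ldap://corp.net.
    """
    addrs = []
    for _family, _type, _proto, _canon, sockaddr in socket.getaddrinfo(
            hostname, port, type=socket.SOCK_STREAM):
        addr = (sockaddr[0], sockaddr[1])
        if addr not in addrs:
            addrs.append(addr)
    return addrs


def connect_first_available(addresses, timeout_s=NET_TIMEOUT_S):
    """Try each address in turn with a bounded connect().

    Returns (socket, address, attempts). `attempts` records every host
    tried, the outcome and how long it took. Raises OSError if none answers.

    Without the timeout, a host that is black-holed (offline but still in
    DNS) makes connect() block for the OS's own SYN retry budget, which is
    the hang the report describes; with it, the worst case is bounded by
    len(addresses) * timeout_s, because the timeout applies per attempt.
    """
    attempts = []
    for addr in addresses:
        started = time.monotonic()
        try:
            sock = socket.create_connection(addr, timeout=timeout_s)
        except OSError as exc:           # socket.timeout is a subclass of OSError
            attempts.append((addr, type(exc).__name__,
                             round(time.monotonic() - started, 3)))
            continue
        sock.settimeout(None)            # connected: back to blocking I/O
        attempts.append((addr, "connected",
                         round(time.monotonic() - started, 3)))
        return sock, addr, attempts
    raise OSError("no LDAP server reachable; attempts: %r" % (attempts,))


def _local_demo():
    """Offline stand-in for the DNS list: one dead port, then a live one."""
    dead = socket.socket()
    dead.bind(("127.0.0.1", 0))
    dead_addr = dead.getsockname()
    dead.close()                         # nothing listens here any more -> refused

    live = socket.socket()
    live.bind(("127.0.0.1", 0))
    live.listen(1)
    live_addr = live.getsockname()
    try:
        sock, chosen, attempts = connect_first_available(
            [dead_addr, live_addr], timeout_s=1.0)
        sock.close()
        return chosen, attempts
    finally:
        live.close()


if __name__ == "__main__":
    chosen, attempts = _local_demo()
    for addr, outcome, secs in attempts:
        print("%s:%d -> %s (%.3fs)" % (addr[0], addr[1], outcome, secs))
    print("connected to %s:%d" % chosen)
```

A dead-but-routed host fails fast (connection refused); a black-holed one costs the full timeout before the next address is tried, so the value chosen for NETWORK_TIMEOUT sets the worst-case delay per bad record, not for the whole search.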
On Wed, Sep 07, 2011 at 12:51:10PM +0000, Pierangelo Masarati wrote:
> As far as I understand from the code, libldap already behaves like that, i.e. it
> loops through all the hosts returned by getaddrinfo(3). What's missing (in your
> configuration of ldapsearch) is a network timeout parameter. Right now, you can
> set it either using NETWORK_TIMEOUT in ldap.conf(5) or passing the command-line
> switch -o nettimeout=<timeout>. I understand the latter is not documented in
> ldapsearch(1), although it appears in the usage message of all tools.

wonderful, confirmed that it works. so then yes, just a minor omission from the documentation :)

sean
software use; `-o' undocumented
fixed by #7152 *** This issue has been marked as a duplicate of issue 7152 ***