
Re: (ITS#3520) search timeout setting in ldap.conf doesn't work



At 09:36 AM 1/26/2005, davidodell@gmail.com wrote:
>Full_Name: David O'Dell
>Version: openldap-2.1.22-8

First, OpenLDAP 2.1 is considered historic.  Please try OpenLDAP 2.2.23.
Second, this doesn't actually appear to be a problem with OpenLDAP
Software.  See below.

>OS: fedora core 1
>URL: ftp://ftp.openldap.org/incoming/
>Submission from: (NULL) (66.128.224.196)
>
>
>When a client isn't on the network and can't resolve the ldap server then it is
>impossible to log in to the machine from the console.

OpenLDAP Software, except possibly as providing a directory for
login applications (e.g., pam/ldap, nss/ldap), with this function.

>We've tried setting the search timelimit to 1 and it never gets to the point of
>failing.
>The quick workaround is to put the ldap server in /etc/hosts in which case it
>passes the search process and goes to the bind_timelimit which fails and then
>allows us to log in.
>Not being able to log in to a server while it can't resolve the ldap server is a
>huge problem.
>Why is this setting included in the ldap.conf if it's ignored?

The OpenLDAP ldap.conf(5) timelimit directive provides a default
for the LDAP client library.  Application-provided timelimits
trump this default by design.

I intend to close this report as not indicative of a bug in
OpenLDAP Software.  If you believe there is a bug in the latest
"stable" (or later) version of OpenLDAP Software, please augment
your report with additional details.

Kurt