[Date Prev][Date Next]
Re: (ITS#3520) search timeout setting in ldap.conf doesn't work
At 09:36 AM 1/26/2005, firstname.lastname@example.org wrote:
>Full_Name: David O'Dell
First, OpenLDAP 2.1 is considered historic. Please try OpenLDAP 2.2.23.
Second, this doesn't actually appear to be a problem with OpenLDAP
Software. See below.
>OS: fedora core 1
>Submission from: (NULL) (22.214.171.124)
>When a client isn't on the network and can't resolve the ldap server then it is
>impossible to login in to the machine from the console.
OpenLDAP Software, except possibly as providing a directory for
login applications (e.g., pam/ldap, nss/ldap), with this function.
>We've tried setting the search timelimit to 1 and it never gets to the point of
>The quick work around is to put the ldap server in /etc/hosts in which case it
>passes the search process and goes to the bind_timelimit which fails and then
>allows us to login in.
>Not being able to login to a server while is can't resolve the ldap server is a
>Why is this setting included in the ldap.conf if its ignored?
The OpenLDAP ldap.conf(5) timelimit directive provides a default
for the LDAP client library. Application provided timelimits
trump this default by design.
I intend to close this report as not indicative of a bug in
OpenLDAP Software. If you believe there is a bug in latest
"stable" (or later) version OpenLDAP Software, please augment
your report with additional details.