(ITS#3663) No timeout in ldap binds

Full_Name: David Le Corfec
Version: 2.x
Submission from: (NULL) (


Any news regarding the lack of a timeout in LDAP bind?

A NULL timeval is supplied to ldap_result()
in libraries/libldap/sasl.c/ldap_sasl_bind_s().

	if ( ldap_result( ld, msgid, 1, NULL, &result ) == -1 )

In effect, a select() will wait forever.

I understand that it would require an API change, as discussed
around ITS#980-983.
Even if it had a sensible default timeout or a global setting?

The problem is that it's currently possible to hang local
and remote logins using Unix or LDAP accounts on all machines
depending on an LDAP server which doesn't answer past
the TCP connection... (can be simulated by sending SIGSTOP to slapd :)
This has already happened several times this week for various reasons :(
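
Added example (not part of the original report and not libldap code): the report's point is that a NULL timeval makes select() block indefinitely when the peer keeps the connection open but never replies. The sketch below bounds that wait with a deadline that survives EINTR; `now_usec`, `wait_readable` and `silent_peer_demo` are hypothetical names, and a socketpair stands in for the unresponsive server.

```c
#include <errno.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

static long long now_usec(void)
{
    struct timeval t;
    gettimeofday(&t, NULL); /* wall clock for portability; prefer a monotonic clock */
    return t.tv_sec * 1000000LL + t.tv_usec;
}

/* Hypothetical helper, not libldap code. timeout == NULL blocks forever, as in
 * the report. Returns 1 if fd is readable, 0 on timeout, -1 on error (the
 * same 0 / -1 convention ldap_result() uses). */
int wait_readable(int fd, const struct timeval *timeout)
{
    long long deadline = timeout == NULL ? 0
        : now_usec() + timeout->tv_sec * 1000000LL + timeout->tv_usec;
    for (;;) {
        struct timeval left, *tvp = NULL;
        fd_set rfds;
        if (timeout != NULL) {
            /* Recompute what is left so EINTR retries cannot extend the wait. */
            long long remaining = deadline - now_usec();
            if (remaining <= 0) return 0;
            left.tv_sec = remaining / 1000000;
            left.tv_usec = remaining % 1000000;
            tvp = &left;
        }
        FD_ZERO(&rfds);
        FD_SET(fd, &rfds);
        int rc = select(fd + 1, &rfds, NULL, NULL, tvp);
        if (rc >= 0) return rc > 0;
        if (errno != EINTR) return -1;
    }
}

/* Constructed scenario: a connected peer that stays silent (like a stopped
 * slapd) unless send_reply is set. Waits at most 200 ms. */
int silent_peer_demo(int send_reply)
{
    int sv[2], rc = -1;
    struct timeval tv = { 0, 200000 };
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
    if (!send_reply || write(sv[1], "x", 1) == 1)
        rc = wait_readable(sv[0], &tv);
    close(sv[0]); close(sv[1]);
    return rc;
}
```

In application code the same bound comes from issuing the asynchronous ldap_sasl_bind() and passing a non-NULL timeval to ldap_result().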