
(ITS#8979) The -l <timelimit> or -o nettimeout=<timelimit> don't limit DNS lookup time



Full_Name: Ævar Arnfjörð Bjarmason
Version: 2.4.44-21
OS: CentOS 7.6
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (5.57.21.154)


On a setup where you have a blackholed DNS server:

$ grep ^name /etc/resolv.conf
nameserver 1.2.3.4

Running e.g.:

$ time ldapsearch -l 2 -o nettimeout=1 [...]

Will (on my system) eventually return:

ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

real    0m24.039s
user    0m0.004s
sys     0m0.007s

It'll take around 48 seconds if I have two DNS servers. Running strace(1) on it
reveals that it's sitting in a socket/connect/poll loop trying to look up the
hostname of the LDAP server I'm trying to talk to.

Instead, one of these options should limit the time spent on DNS lookups, or there
should be another option, so that you can run ldapsearch with a combination of
these options and be sure that it'll run in at most the <timeout> you give it.

As a workaround I'm using ldapsearch with /usr/bin/timeout, but since timeout kills
ldapsearch if it exceeds the limit, I don't get a meaningful error.
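Added example, not OpenLDAP or ldapsearch code, illustrating the structural reason behind this report and a client-side way around it: getaddrinfo(3) takes no timeout argument, so options such as -l and -o nettimeout, which act on a socket that already exists, never see the time spent waiting on a blackholed nameserver. The helper below runs the lookup in a worker thread with its own budget, hands whatever is left to connect(), and reports "timeout" as a distinct outcome instead of the SIGTERM that timeout(1) delivers. The hostname ldap.example, the port numbers and the blackholed_resolver stand-in are constructed for the example; it assumes nothing about how OpenLDAP itself resolves the issue.

```python
"""Bound the name-resolution phase separately from the LDAP connect phase.

Hypothetical helper (not part of OpenLDAP).  getaddrinfo(3) blocks for as long
as the libc resolver's own timeout/attempt policy allows, which is the
socket/connect/poll loop seen under strace in the report.  Here the lookup is
confined to a daemon thread and the caller waits at most `budget` seconds.
"""
import socket
import threading
import time


class ResolveTimeout(TimeoutError):
    """Name resolution did not complete within the allotted budget."""


def resolve_with_budget(host, port, budget, resolver=socket.getaddrinfo):
    """Return a list of (family, sockaddr) for host:port within `budget` seconds.

    `resolver` is injectable so the stalled path can be exercised offline with a
    constructed slow resolver (blackholed_resolver below).  Caveat: a blocking
    getaddrinfo() cannot be cancelled; on timeout the worker thread is simply
    abandoned, and being a daemon thread it will not hold up process exit.
    """
    outcome = {}

    def worker():
        try:
            outcome["addrs"] = resolver(host, port, 0, socket.SOCK_STREAM)
        except OSError as exc:  # NXDOMAIN, EAI_* and similar resolver errors
            outcome["error"] = exc

    t = threading.Thread(target=worker, daemon=True)
    t.start()
    t.join(budget)
    if t.is_alive():
        raise ResolveTimeout(f"resolving {host!r} exceeded {budget}s")
    if "error" in outcome:
        raise outcome["error"]
    return [(fam, sockaddr) for fam, _type, _proto, _canon, sockaddr in outcome["addrs"]]


def connect_with_budget(host, port, total):
    """Resolve and connect, spending at most `total` seconds across both phases.

    Time the lookup did not use becomes the connect() timeout, giving the hard
    upper bound that -l / -o nettimeout alone cannot provide.  Returns a
    connected socket owned by the caller.
    """
    start = time.monotonic()
    addrs = resolve_with_budget(host, port, total)
    last_error = None
    for family, sockaddr in addrs:
        remaining = total - (time.monotonic() - start)
        if remaining <= 0:
            break
        s = socket.socket(family, socket.SOCK_STREAM)
        s.settimeout(remaining)
        try:
            s.connect(sockaddr)
            return s
        except OSError as exc:
            last_error = exc
            s.close()
    raise last_error if last_error is not None else ResolveTimeout(
        f"no time left to connect to {host!r} after lookup")


def blackholed_resolver(delay):
    """Constructed stand-in for a resolver whose nameserver never answers."""
    def resolver(host, port, family=0, type=0):
        time.sleep(delay)  # simulates the resolver retry loop; returns nothing useful
        return []
    return resolver


def lookup_outcome(host, port, budget, resolver=socket.getaddrinfo):
    """Classify a lookup as 'ok', 'timeout' or 'error' instead of a bare kill."""
    try:
        addrs = resolve_with_budget(host, port, budget, resolver)
    except ResolveTimeout:
        return "timeout"
    except OSError:
        return "error"
    return "ok" if addrs else "error"


def connect_roundtrip_ok():
    """Offline check: listen on a loopback port, then connect to it under budget."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    try:
        cli = connect_with_budget("127.0.0.1", srv.getsockname()[1], 2.0)
        cli.close()
        return True
    finally:
        srv.close()


if __name__ == "__main__":
    print(lookup_outcome("localhost", 389, 2.0))                                # ok
    print(lookup_outcome("ldap.example", 389, 0.5, blackholed_resolver(3.0)))  # timeout
```

On glibc the other knob that actually governs this phase is resolv.conf(5): `options timeout:N attempts:N` shortens each query's wait and retry count. It is system-wide and per query rather than per invocation, which is why a per-run option of the kind the report asks for is still useful.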