[Date Prev][Date Next]
Re: client timeouts [was: Re: multiple servers in DNS and TLS]
Philip Guenther wrote:
On Tue, 17 Jul 2007, Emmanuel Dreyfus wrote:
One last problem: if a LDAP server accepts the TCP connexion but remain
hung after that (because slapd has been stoped with a kill -STOP for
instance), then the client will just hang without trying the next
server. Using something such as TIMELIMIT 1 in ldap.conf does not help.
Any magic trick for that?
Nope. TIMELIMIT just sets the default for the value passed to the server
in the search request. There's no option for setting a default timeout to
be used by the ldap_result() call.
This has been changed in 2.4.
What's more, there's no API of any
sort for putting a timeout on TLS/SSL negotiation.
If you can suggest a clean way to do this, go right ahead.
A long-lived program that needs to impose a time limit on LDAP operations
that may include using ldap_starttls_s() or opening an ldaps URL basically
has to do so in one thread or process and do the timing out in a separate
thread or process.
(Or reimplement that part of the OpenLDAP API, I suppose.)
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/