openldap-bugs@OpenLDAP.org
[Top] [All Lists]

(ITS#3663) No timeout in ldap binds

Subject: (ITS#3663) No timeout in ldap binds
From:
Date: Fri, 15 Apr 2005 16:32:10 GMT
Full_Name: David Le Corfec
Version: 2.x
OS: SuSE
URL: 
Submission from: (NULL) (84.96.42.75)


Hi,

Any news regarding the lack of a timeout in ldap bind ?

A NULL timeval is supplied to ldap_result()
in libraries/libldap/sasl.c/ldap_sasl_bind_s().

        if ( ldap_result( ld, msgid, 1, NULL, &result ) == -1 )

In effect, a select() will wait forever.

I understand that it would require an API change, as discussed
around ITS#980-983.
Even if it had a sensible default timeout or a global setting ?

The problem is that it's currently possible to hang local
and remote logins using unix or ldap accounts to all machine
depending on a LDAP server which doesn't answer past
the TCP connection ... (can be simulated by sending SIGSTOP to slapd :)
Already happened several times this week for various reasons :(

Bye,


<Prev in Thread] Current Thread [Next in Thread>