[sudo-workers] LDAP failover timeouts

Stephen Tihor sudo at tihor.com
Wed Nov 30 11:56:23 EST 2005


During initial connections a directory failover takes
the default TCP failover period before moving to the
next in the list.  

This can be unacceptable in a production environment
where one cannot tune the TCP value for this
application.

I'd like to improve this and have been testing this
patch myself for a few months and it seems to work
well.  

It lets one change that timeout at
configuration/compile time by setting the variable
LDAP_FAILOVER_TIMEOUT.

Diff against patch level 9 follows. 

--- ldap.c      Wed Oct 12 13:04:50 2005
***************
*** 805,810 ****
--- 805,824 ----

  #endif /* LDAP_OPT_PROTOCOL_VERSION */

+ #ifdef LDAP_FAILOVER_TIMEOUT
+   /* Set the LDAP timeout: failover in less than
60,000 ms each */
+   { long int timeout = LDAP_FAILOVER_TIMEOUT;
+     if (ldap_conf.debug>1) fprintf(stderr,
+           
"ldap_set_option(LDAP_X_OPT_CONNECT_TIMEOUT,%ld)\n",timeout);
+     rc = ldap_set_option( ld,
LDAP_X_OPT_CONNECT_TIMEOUT, &timeout );
+     if ( rc != LDAP_SUCCESS ) {
+       fprintf( stderr, "ldap_set_option: %s\n",
ldap_err2string( rc ) );
+       ldap_unbind( ld );
+       return (rc);
+     }
+   }
+ #endif /* LDAP_FAILOVER_TIMEOUT */
+
  #ifdef HAVE_LDAP_START_TLS_S
    /* Turn on TLS */
    if (ldap_conf.ssl && !strcasecmp(ldap_conf.ssl, "start_tls")){
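
Review bot: The added block is guarded only by `#ifdef LDAP_FAILOVER_TIMEOUT`, yet it uses `LDAP_X_OPT_CONNECT_TIMEOUT`, an extension option that not every LDAP client library defines, so a build with the macro set against such a library will not compile. Guard on both, for example `#if defined(LDAP_FAILOVER_TIMEOUT) && defined(LDAP_X_OPT_CONNECT_TIMEOUT)`. The comment implies the value is in milliseconds without stating it, and `timeout` is declared `long int`: document the unit and confirm the pointer type the option expects, since a library that reads an `int` through that pointer may see the wrong value where `long` is wider. It is also worth deciding whether failing to set a tuning option should `ldap_unbind( ld )` and return, or only warn and continue with the default timeout.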


