[sudo-workers] LDAP failover timeouts
Stephen Tihor
sudo at tihor.com
Wed Nov 30 11:56:23 EST 2005
During initial connections a directory failover takes
the default TCP failover period before moving to the
next in the list.
This can be unacceptable in a production environment
where one cannot tune the TCP value for this
application.
I'd like to improve this and have been testing this
patch myself for a few months and it seems to work
well.
It lets one change that timeout at
configuration/compile time by setting the variable
LDAP_FAILOVER_TIMEOUT.
Diff against patch level 9 follows.
--- ldap.c Wed Oct 12 13:04:50 2005
***************
*** 805,810 ****
--- 805,824 ----
#endif /* LDAP_OPT_PROTOCOL_VERSION */
+ #ifdef LDAP_FAILOVER_TIMEOUT
+ /* Set the LDAP timeout: failover in less than
60,000 ms each */
+ { long int timeout = LDAP_FAILOVER_TIMEOUT;
+ if (ldap_conf.debug>1) fprintf(stderr,
+
"ldap_set_option(LDAP_X_OPT_CONNECT_TIMEOUT,%ld)\n",timeout);
+ rc = ldap_set_option( ld,
LDAP_X_OPT_CONNECT_TIMEOUT, &timeout );
+ if ( rc != LDAP_SUCCESS ) {
+ fprintf( stderr, "ldap_set_option: %s\n",
ldap_err2string( rc ) );
+ ldap_unbind( ld );
+ return (rc);
+ }
+ }
+ #endif /* LDAP_FAILOVER_TIMEOUT */
+
#ifdef HAVE_LDAP_START_TLS_S
/* Turn on TLS */
if (ldap_conf.ssl && !strcasecmp(ldap_conf.ssl, "start_tls")){
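Review bot: the added block is compiled whenever LDAP_FAILOVER_TIMEOUT is defined, but nothing checks that the LDAP library provides LDAP_X_OPT_CONNECT_TIMEOUT, so setting the macro when building against an SDK without that option breaks the build. Guard it the way the neighbouring code guards LDAP_OPT_PROTOCOL_VERSION and HAVE_LDAP_START_TLS_S, for example `#if defined(LDAP_FAILOVER_TIMEOUT) && defined(LDAP_X_OPT_CONNECT_TIMEOUT)`. In the error branch, a failed ldap_set_option calls `ldap_unbind( ld )` and returns, so failing to apply a tuning value aborts the LDAP lookup entirely; consider printing the warning and continuing with the default timeout instead. The comment mentions 60,000 ms but does not state the unit LDAP_FAILOVER_TIMEOUT is expressed in, and the value is passed through a `long int`; document the unit next to the macro and confirm that this is the pointer type the option expects.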