[sudo-workers] LDAP failover timeouts
Andrea Barisani
lcars at gentoo.org
Wed Nov 30 12:59:39 EST 2005
On Wed, Nov 30, 2005 at 08:56:23AM -0800, Stephen Tihor wrote:
> During initial connections a directory failover takes
> the default TCP failover period before moving to the
> next in the list.
>
> This can be unacceptable in a production environment
> where one can not tune the TCP value for this
> application.
>
> I'd like to improve this and have been testing this
> patch myself for a few months and it seems to work
> well.
>
> It lets one change that timeout at
> configuration/compile time by setting the variable
> LDAP_FAILOVER_TIMEOUT
>
> Diff against patch level 9 follows.
>
> --- ldap.c Wed Oct 12 13:04:50 2005
> ***************
> *** 805,810 ****
> --- 805,824 ----
>
> #endif /* LDAP_OPT_PROTOCOL_VERSION */
>
> + #ifdef LDAP_FAILOVER_TIMEOUT
> + /* Set the LDAP timeout: failover in less than
> 60,000 ms each */
> + { long int timeout = LDAP_FAILOVER_TIMEOUT;
> + if (ldap_conf.debug>1) fprintf(stderr,
> +
> "ldap_set_option(LDAP_X_OPT_CONNECT_TIMEOUT,%ld)\n",timeout);
> + rc = ldap_set_option( ld,
> LDAP_X_OPT_CONNECT_TIMEOUT, &timeout );
> + if ( rc != LDAP_SUCCESS ) {
> + fprintf( stderr, "ldap_set_option: %s\n",
> ldap_err2string( rc ) );
> + ldap_unbind( ld );
> + return (rc);
> + }
> + }
> + #endif /* LDAP_FAILOVER_TIMEOUT */
> +
> #ifdef HAVE_LDAP_START_TLS_S
> /* Turn on TLS */
> if (ldap_conf.ssl && !strcasecmp(ldap_conf.ssl, "start_tls")){
> ____________________________________________________________
> sudo-workers mailing list <sudo-workers at sudo.ws>
> For list information, options, or to unsubscribe, visit:
> http://www.sudo.ws/mailman/listinfo/sudo-workers
We currently ship this one:
http://dev.gentoo.org/~lcars/ldap/sudo-timelimit.patch
The maintainer of the ldap sudo stuff is already aware of the problem since I
contacted him already about this so hopefully we'll get this soon :).
--
Andrea Barisani <lcars at gentoo.org> .*.
Gentoo Linux Infrastructure Developer V
( )
PGP-Key 0x864C9B9E http://dev.gentoo.org/~lcars/pubkey.asc ( )
0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E ^^_^^
"Pluralitas non est ponenda sine necessitate"
More information about the sudo-workers
mailing list