[sudo-workers] LDAP failover timeouts

Andrea Barisani lcars at gentoo.org
Wed Nov 30 12:59:39 EST 2005


On Wed, Nov 30, 2005 at 08:56:23AM -0800, Stephen Tihor wrote:
> During initial connections a directory failover takes
> the default TCP failover period before moving to the
> next in the list.  
> 
> This can be unacceptable in a production environment
> where one can not tune the TCP value for this
> application.  
> 
> I'd like to improve this and have been testing this
> patch myself for a few months and it seems to work
> well.  
> 
> It lets one change that timeout at
> configuration/compile time by setting the variable
> LDAP_FAILOVER_TIMEOUT 
> 
> Diff against patch level 9 follows. 
> 
> --- ldap.c      Wed Oct 12 13:04:50 2005
> ***************
> *** 805,810 ****
> --- 805,824 ----
> 
>   #endif /* LDAP_OPT_PROTOCOL_VERSION */
> 
> + #ifdef LDAP_FAILOVER_TIMEOUT
> +   /* Set the LDAP timeout: failover in less than
> 60,000 ms each */
> +   { long int timeout = LDAP_FAILOVER_TIMEOUT;
> +     if (ldap_conf.debug>1) fprintf(stderr,
> +           
> "ldap_set_option(LDAP_X_OPT_CONNECT_TIMEOUT,%ld)\n",timeout);
> +     rc = ldap_set_option( ld,
> LDAP_X_OPT_CONNECT_TIMEOUT, &timeout );
> +     if ( rc != LDAP_SUCCESS ) {
> +       fprintf( stderr, "ldap_set_option: %s\n",
> ldap_err2string( rc ) );
> +       ldap_unbind( ld );
> +       return (rc);
> +     }
> +   }
> + #endif /* LDAP_FAILOVER_TIMEOUT */
> +
>   #ifdef HAVE_LDAP_START_TLS_S
>     /* Turn on TLS */
>     if (ldap_conf.ssl && !strcasecmp(ldap_conf.ssl, "start_tls")){
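Review bot: The `#ifdef LDAP_FAILOVER_TIMEOUT` guard that opens the added block tests only the user-supplied macro, yet the block depends on LDAP_X_OPT_CONNECT_TIMEOUT, an extension option (note the X_ prefix) that not every LDAP library defines. Defining LDAP_FAILOVER_TIMEOUT when building against a library without that option would break the build. Suggest guarding with `#if defined(LDAP_FAILOVER_TIMEOUT) && defined(LDAP_X_OPT_CONNECT_TIMEOUT)`. The comment should also state the unit the macro is expected in, since "less than 60,000 ms each" does not say that LDAP_FAILOVER_TIMEOUT itself is in milliseconds, and the `long int` passed by address should be checked against the value type the library documents for this option. Finally, consider whether a failed ldap_set_option here needs to be fatal (ldap_unbind and return) or could just warn and continue with the default timeout.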

We currently ship this one:

http://dev.gentoo.org/~lcars/ldap/sudo-timelimit.patch

The maintainer of the LDAP sudo stuff is already aware of the problem, since I
contacted him about this, so hopefully we'll get this soon :).

-- 
Andrea Barisani <lcars at gentoo.org>                            .*.
Gentoo Linux Infrastructure Developer                          V
                                                             (   )
PGP-Key 0x864C9B9E http://dev.gentoo.org/~lcars/pubkey.asc   (   )
    0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E        ^^_^^
      "Pluralitas non est ponenda sine necessitate"


