auth: Added hardcoded 5 second timeout to LDAP connect()

Although it doesn't look like the timeout is exactly 5 seconds always due to
OpenSSL's internal workings, but this should be good enough.

diff --git a/src/auth/db-ldap.c b/src/auth/db-ldap.c
index 186a3b849e6bd8d53d2d40689b7af88425565e79..6dcfba7af5c70562c6db1af24771e6fe9615251a 100644 (file)
--- a/src/auth/db-ldap.c
+++ b/src/auth/db-ldap.c
@@ -1096,6 +1096,18 @@ static void db_ldap_set_options(struct ldap_connection *conn)
        unsigned int ldap_version;
        int value;
 
+#ifdef LDAP_OPT_NETWORK_TIMEOUT
+       struct timeval tv;
+       int ret;
+
+       tv.tv_sec = DB_LDAP_CONNECT_TIMEOUT_SECS; tv.tv_usec = 0;
+       ret = ldap_set_option(conn->ld, LDAP_OPT_NETWORK_TIMEOUT, &tv);
+       if (ret != LDAP_SUCCESS) {
+               i_fatal("LDAP %s: Can't set network-timeout: %s",
+                       conn->config_path, ldap_err2string(ret));
+       }
+#endif
+
        db_ldap_set_opt(conn, conn->ld, LDAP_OPT_DEREF, &conn->set.ldap_deref,
                        "deref", conn->set.deref);
 #ifdef LDAP_OPT_DEBUG_LEVEL

diff --git a/src/auth/db-ldap.h b/src/auth/db-ldap.h
index 8a51081758c64cf94e2d0e6b25f6f3a50d4e1146..53b2e5cb524a5b95396d77e98ef0ceb40ae94681 100644 (file)
--- a/src/auth/db-ldap.h
+++ b/src/auth/db-ldap.h
@@ -7,6 +7,8 @@
 
 /* Maximum number of pending requests before delaying new requests. */
 #define DB_LDAP_MAX_PENDING_REQUESTS 8
+/* connect() timeout to LDAP */
+#define DB_LDAP_CONNECT_TIMEOUT_SECS 5
 /* If LDAP connection is down, fail requests after waiting for this long. */
 #define DB_LDAP_REQUEST_DISCONNECT_TIMEOUT_SECS 4
 /* If request is still in queue after this many seconds and other requests