From: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed, 4 Dec 2019 16:51:33 +0000 (+0000)
Subject: accounts: Limit LDAP operations to 10 seconds
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4e3cfa04a5d707994fb879f0fdc77ccf64078753;p=ipfire.org.git

accounts: Limit LDAP operations to 10 seconds

Some operations seem to lock up indefinitely.

This change will abort any operation after 10 seconds
and prevent the webapp from locking up.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/src/backend/accounts.py b/src/backend/accounts.py
index 74b4eafb..a32c15f5 100644
--- a/src/backend/accounts.py
+++ b/src/backend/accounts.py
@@ -194,9 +194,15 @@ class Accounts(Object):
 		logging.debug("Connecting to LDAP server: %s" % ldap_uri)
 
 		# Connect to the LDAP server
-		return ldap.ldapobject.ReconnectLDAPObject(ldap_uri,
+		connection = ldap.ldapobject.ReconnectLDAPObject(ldap_uri,
+			trace_level=2 if self.backend.debug else 0,
 			retry_max=10, retry_delay=3)
 
+		# Set maximum timeout for operations
+		connection.set_option(ldap.OPT_TIMEOUT, 10)
+
+		return connection
+
 	def _authenticate(self):
 		# Authenticate against LDAP server using Kerberos
 		self.ldap.sasl_gssapi_bind_s()