accounts: Limit LDAP operations to 10 seconds

Some operations seem to lock up indefinitely.

This change will abort any operation after 10 seconds
and prevent the webapp from locking up.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/src/backend/accounts.py b/src/backend/accounts.py
index 74b4eafbd7e591720147f4f7e8dbc7ee2c1e8b13..a32c15f521ebc920fe7679aae69aec05c0cee8b0 100644 (file)
--- a/src/backend/accounts.py
+++ b/src/backend/accounts.py
@@ -194,9 +194,15 @@ class Accounts(Object):
                logging.debug("Connecting to LDAP server: %s" % ldap_uri)
 
                # Connect to the LDAP server
-               return ldap.ldapobject.ReconnectLDAPObject(ldap_uri,
+               connection = ldap.ldapobject.ReconnectLDAPObject(ldap_uri,
+                       trace_level=2 if self.backend.debug else 0,
                        retry_max=10, retry_delay=3)
 
+               # Set maximum timeout for operations
+               connection.set_option(ldap.OPT_TIMEOUT, 10)
+
+               return connection
+
        def _authenticate(self):
                # Authenticate against LDAP server using Kerberos
                self.ldap.sasl_gssapi_bind_s()