Added a new LDAPConnectionTimeout directive to util_ldap so that the socket connectio...

Reviewed by: bnicholes, trawick, jim

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@160707 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index 917a1e5f63f5fb918d4c5a2a3e0d2ed106bc3912..b62069529df8ad4d0ef9cb6086d800f60971cd09 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,5 +1,9 @@
 Changes with Apache 2.0.54
 
+  *) mod_ldap: Added the directive LDAPConnectionTimeout to configure
+     the ldap socket connection timeout value.  
+     [Brad Nicholes]
+
   *) Correctly export all mod_dav public functions.
      [Branko Èibej <brane xbc.nu>]
 

diff --git a/STATUS b/STATUS
index 358ffb6b44afcb6f440e733e6916fb3ced3ec932..6fb025a69bd9a084502898dbdfeb1205f3af90c5 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -94,11 +94,6 @@ PATCHES TO BACKPORT FROM TRUNK:
     identify exactly what the proposed changes are! ]
   [ please append new backports at the end of this list not the top. ]
 
-    *) util_ldap: Add the directive LDAPConnectionTimeout to control
-       the socket timeout value when binding to an LDAP server
-       svn rev 126565
-       +1: bnicholes, trawick (no need for APLOG_NOERRNO in Apache >=2), jim
-
     *) several changes to improve logging of connection-oriented errors, including
        ap_log_cerror() API (needs minor bump in addition to changes below)
          http://cvs.apache.org/viewcvs.cgi/httpd-2.0/server/core.c?r1=1.289&r2=1.291

diff --git a/docs/manual/mod/mod_ldap.xml b/docs/manual/mod/mod_ldap.xml
index 01b8404bf710dba9a715eb4cd8a8ca8b1bd852d5..d22bb00fad684487558bc34ac5f8ff16650ea776 100644 (file)
--- a/docs/manual/mod/mod_ldap.xml
+++ b/docs/manual/mod/mod_ldap.xml
@@ -340,4 +340,19 @@ valid</description>
 </usage>
 </directivesynopsis>
 
+<directivesynopsis>
+<name>LDAPConnectionTimeout</name>
+<description>Specifies the socket connection timeout in seconds</description>
+<syntax>LDAPConnectionTimeout <var>seconds</var></syntax>
+<contextlist><context>server config</context></contextlist>
+
+<usage>
+    <p>Specifies the timeout value (in seconds) in which the module will
+    attempt to connect to the LDAP server.  If a connection is not
+    successful with the timeout period, either an error will be 
+    returned or the module will attempt to connect to a secondary LDAP 
+    server if one is specified. The default is 10 seconds.</p>
+</usage>
+</directivesynopsis>
+
 </modulesynopsis>

diff --git a/include/util_ldap.h b/include/util_ldap.h
index e5011f596cff4748e6ecf93beca5fb099a129dea..863d6e9c7a6a43751b1ad56b7733660fd2722acc 100644 (file)
--- a/include/util_ldap.h
+++ b/include/util_ldap.h
@@ -126,6 +126,7 @@ typedef struct util_ldap_state_t {
     /* cache ald */
     void *util_ldap_cache;
     char *lock_file;           /* filename for shm lock mutex */
+    int connectionTimeout;
 
 } util_ldap_state_t;
 

diff --git a/modules/experimental/util_ldap.c b/modules/experimental/util_ldap.c
index 857e4fff203879671bf60b22875dc2b527d9b800..d7c437b7078c87807212bbca66900ebdf000fc64 100644 (file)
--- a/modules/experimental/util_ldap.c
+++ b/modules/experimental/util_ldap.c
@@ -1330,6 +1330,30 @@ static const char *util_ldap_set_cert_type(cmd_parms *cmd, void *dummy, const ch
     return(NULL);
 }
 
+static const char *util_ldap_set_connection_timeout(cmd_parms *cmd, void *dummy, const char *ttl)
+{
+    util_ldap_state_t *st = 
+        (util_ldap_state_t *)ap_get_module_config(cmd->server->module_config, 
+                                                 &ldap_module);
+    const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
+
+    if (err != NULL) {
+        return err;
+    }
+
+#ifdef LDAP_OPT_NETWORK_TIMEOUT
+    st->connectionTimeout = atol(ttl);
+
+    ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, cmd->server, 
+                      "[%d] ldap connection: Setting connection timeout to %ld seconds.", 
+                      getpid(), st->connectionTimeout);
+#else
+    ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, cmd->server,
+                     "LDAP: Connection timout option not supported by the LDAP SDK in use." );
+#endif
+
+    return NULL;
+}
 
 void *util_ldap_create_config(apr_pool_t *p, server_rec *s)
 {
@@ -1347,6 +1371,7 @@ void *util_ldap_create_config(apr_pool_t *p, server_rec *s)
     st->cert_auth_file = NULL;
     st->cert_file_type = LDAP_CA_TYPE_UNKNOWN;
     st->ssl_support = 0;
+    st->connectionTimeout = 10;
 
     return st;
 }
@@ -1379,6 +1404,7 @@ static int util_ldap_post_config(apr_pool_t *p, apr_pool_t *plog,
 
     void *data;
     const char *userdata_key = "util_ldap_init";
+    struct timeval timeOut = {10,0};    /* 10 second connection timeout */
 
     /* util_ldap_post_config() will be called twice. Don't bother
      * going through all of the initialization on the first call
@@ -1603,6 +1629,20 @@ static int util_ldap_post_config(apr_pool_t *p, apr_pool_t *plog,
                          "LDAP: SSL support unavailable" );
     }
     
+#ifdef LDAP_OPT_NETWORK_TIMEOUT
+    if (st->connectionTimeout > 0) {
+        timeOut.tv_sec = st->connectionTimeout;
+    }
+
+    if (st->connectionTimeout >= 0) {
+        rc = ldap_set_option(NULL, LDAP_OPT_NETWORK_TIMEOUT, (void *)&timeOut);
+        if (APR_SUCCESS != rc) {
+            ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+                             "LDAP: Could not set the connection timeout" );
+        }
+    }
+#endif
+
     return(OK);
 }
 
@@ -1667,6 +1707,11 @@ command_rec util_ldap_cmds[] = {
                  "    DER_FILE      - file in binary DER format "
                  "    BASE64_FILE   - file in Base64 format "
                  "    CERT7_DB_PATH - Netscape certificate database file "),
+
+    AP_INIT_TAKE1("LDAPConnectionTimeout", util_ldap_set_connection_timeout, NULL, RSRC_CONF,
+                  "Specifies the LDAP socket connection timeout in seconds. "
+                  "Default is 10 seconds. "),
+
     {NULL}
 };