Discussion:
ldapbind() timeout can't work.
lijx
2008-04-18 08:33:06 UTC
The LDAP APIs confuse me; can anyone tell me what's wrong with my code?

I call ldap_set_option() and set the LDAP_OPT_NETWORK_TIMEOUT or the
LDAP_OPT_TIMEOUT option before calling ldap_bind_s() or the asynchronous
APIs, but the authentication result still returns almost 70 seconds later.
Am I missing something? (Note: my server is Windows Active Directory,
simple authentication.)

/* One 10-second timeval, passed both to LDAP_OPT_NETWORK_TIMEOUT and to ldap_result(). */
struct timeval tv_select_timeout;
tv_select_timeout.tv_sec = 10;
tv_select_timeout.tv_usec = 0;
int t;
t = ldap_set_option(pLdapConnection, LDAP_OPT_NETWORK_TIMEOUT,
                    &tv_select_timeout);

#ifdef BIND_TIME_CONTROL
{
    int msgid, err;
    LDAPMessage *result = NULL;
    char *error_msg;
    struct timeval tv;

    /* Asynchronous bind: returns a message id at once, or -1 on failure. */
    if ((msgid = ldap_simple_bind(pLdapConnection,
                                  pUserDN, pPassword)) == -1)
    {
        error_msg = NULL;
        ldap_get_option(pLdapConnection,
                        LDAP_OPT_ERROR_STRING, &error_msg);
        if (error_msg != NULL)
        {
            ldap_memfree(error_msg);
        }

        ldap_unbind_s(pLdapConnection);
        return AUTH_AGENT_ERR_LDAPSIMPLEBIND_FAIL;
    }

    /* Wait for the bind response for at most tv_select_timeout. */
    ret = ldap_result(pLdapConnection, msgid,
                      LDAP_MSG_ALL, &tv_select_timeout, &result);

    if (ret == -1)
    {
        ldap_unbind_s(pLdapConnection);
        if (result != NULL)
            ldap_msgfree(result);
        return AUTH_AGENT_ERR_LDAPRESULT_FAIL;
    }
    else if (ret == 0)
    {
        /* timeout & result == NULL */
        ldap_unbind_s(pLdapConnection);
        if (result != NULL)
            ldap_msgfree(result);

        return AUTH_AGENT_ERR_LDAPRESULT_TIMEOUT;
    }

    /* Convert the response to a result code; the last argument (1) frees result. */
    ret = ldap_result2error(pLdapConnection, result, 1);
}
#else
{
    /* Synchronous bind: blocks until the server responds. */
    ret = ldap_bind_s(pLdapConnection, pUserDN,
                      pPassword, LDAP_AUTH_SIMPLE);
}
#endif
Pierangelo Masarati
2008-04-18 21:40:42 UTC
Post by lijx
> The LDAP APIs confuse me; can anyone tell me what's wrong with my code?
> I call ldap_set_option() and set the LDAP_OPT_NETWORK_TIMEOUT or the
> LDAP_OPT_TIMEOUT option before calling ldap_bind_s() or the asynchronous
> APIs, but the authentication result still returns almost 70 seconds later.
> Am I missing something? (Note: my server is Windows Active Directory,
> simple authentication.)

LDAP_OPT_NETWORK_TIMEOUT only acts at the connection level, which
apparently is established successfully. ldap_bind_s(), which BTW is
deprecated in favor of ldap_sasl_bind_s(), does not allow any timeout
while waiting for response. Until OpenLDAP 2.3, the LDAP_OPT_TIMEOUT
was not honored; only calling ldap_result() with an explicit timeout
would allow one to time out requests taking too long. The only way to make
use of a timeout was to use the asynchronous API, as done in the code
you submitted when BIND_TIME_CONTROL is defined. Since OpenLDAP 2.4,
LDAP_OPT_TIMEOUT is honored by the library. Unfortunately you didn't
specify what version of the API you're using.

p.



Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Email: ***@sys-net.it
---------------------------------------
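
The distinction drawn in the reply above, modelled with plain loopback sockets rather than libldap (an added example, not code from this thread or from OpenLDAP; `silent_listener` and `bounded_exchange` are hypothetical names and the request bytes are constructed). A stalled server still completes the connection at once, so a connect-level timeout never fires and only a separate bound on the response wait returns control.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <sys/socket.h>
#include <unistd.h>

/* Constructed stand-in for a stalled server: the kernel completes TCP
 * handshakes for this listener, but nothing ever accept()s or replies. */
int silent_listener(unsigned short *port)
{
    struct sockaddr_in a = { .sin_family = AF_INET };  /* port 0: kernel picks */
    socklen_t len = sizeof a;
    int s = socket(AF_INET, SOCK_STREAM, 0);
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (s < 0 || bind(s, (struct sockaddr *)&a, sizeof a) || listen(s, 4) ||
        getsockname(s, (struct sockaddr *)&a, &len)) {
        if (s >= 0) close(s);
        return -1;
    }
    *port = ntohs(a.sin_port);
    return s;
}

/* -1: no connection within connect_ms; 0: connected, but no reply within
 * reply_ms; 1: the peer answered (or closed the connection). */
int bounded_exchange(unsigned short port, int connect_ms, int reply_ms)
{
    static const char req[] = "constructed request bytes";
    struct sockaddr_in a = { .sin_family = AF_INET, .sin_port = htons(port) };
    struct pollfd p = { .events = POLLOUT };
    socklen_t el = sizeof(int);
    int err = 0, rc = -1, pending;
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if ((p.fd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
        return -1;
    fcntl(p.fd, F_SETFL, O_NONBLOCK);
    pending = connect(p.fd, (struct sockaddr *)&a, sizeof a) == 0 || errno == EINPROGRESS;
    /* Wait 1, connection setup: all that LDAP_OPT_NETWORK_TIMEOUT bounds. */
    if (pending && poll(&p, 1, connect_ms) == 1 &&
        getsockopt(p.fd, SOL_SOCKET, SO_ERROR, &err, &el) == 0 && err == 0 &&
        send(p.fd, req, sizeof req, MSG_NOSIGNAL) > 0) {
        /* Wait 2, the response: needs its own bound, as ldap_result() takes. */
        p.events = POLLIN;
        rc = poll(&p, 1, reply_ms) > 0;
    }
    close(p.fd);
    return rc;
}
```

Against the silent listener the call returns 0 after `reply_ms`, however generous `connect_ms` is; against a closed port it returns -1 during the first wait.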
lijx
2008-04-21 01:26:19 UTC
Dear pierangelo.masarati:
Thanks a lot, I got it.
Regards,
lijx