
How can I cause ldap_simple_bind_s to timeout?

We recently had a problem with our test LDAP server - it was hung and wouldn't respond to requests. As a result, our application hung forever* while trying to bind to it. This only happened on Unix machines - on Windows, the ldap_simple_bind_s call timed out after about 30 seconds.

* I don't know if it really was forever, but it was at least several minutes.

I added calls to ldap_set_option, trying both LDAP_OPT_TIMEOUT and LDAP_OPT_NETWORK_TIMEOUT, but the bind call still hung. Is there any way to make ldap_simple_bind_s time out after some period of time of my choosing?


There are a couple of things happening here.

Basically the LDAP SDK is broken; based on the spec it should have timed out based upon the value you sent in ldap_set_option. Unfortunately it's not doing that properly. Your bind will probably eventually time out, but it won't be until the OS returns back a failure, and that will come from the TCP timeout or some multiple of that timeout.

You can work around this by using ldap_simple_bind(), then calling ldap_result() a couple of times. If you don't get the result back within the timeout you want you can call ldap_abandon_ext() to tell the SDK to give up.

Of course since you're trying to bind this will almost certainly leave the connection in an unusable state and so you will need to unbind it immediately.

Hope this helps.
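The control flow of the workaround in the answer above, as an added example that is not part of the original answer. The function pointers in `bind_ops` are hypothetical stand-ins for `ldap_simple_bind()`, `ldap_result()` and `ldap_abandon_ext()` (with a millisecond timeout in place of `struct timeval`), and the hung and slow servers are constructed test doubles, so the logic runs without libldap or a directory server.

```c
#include <stdio.h>
/* Same return convention as ldap_result(): -1 on error, 0 when the timeout
   expires, otherwise the message type (LDAP_RES_BIND is 0x61). */
#define RES_BIND 0x61

/* Hypothetical stand-ins for ldap_simple_bind(), ldap_result() and
   ldap_abandon_ext(), so the control flow runs without a directory server. */
struct bind_ops {
    int (*start_bind)(void *conn);                     /* msgid, or -1 */
    int (*poll_result)(void *conn, int msgid, int ms); /* -1, 0 or type */
    int (*abandon)(void *conn, int msgid);
};
enum bind_outcome { BIND_DONE, BIND_TIMED_OUT, BIND_ERROR };

/* Start an asynchronous bind and wait at most deadline_ms for its result,
   polling in slice_ms steps. On timeout the request is abandoned and the
   caller must unbind, since the connection is no longer usable. */
enum bind_outcome bind_with_deadline(const struct bind_ops *ops, void *conn,
                                     int deadline_ms, int slice_ms)
{
    int msgid = ops->start_bind(conn);
    if (msgid < 0)
        return BIND_ERROR;
    for (int waited = 0; waited < deadline_ms; waited += slice_ms) {
        int rc = ops->poll_result(conn, msgid, slice_ms);
        if (rc < 0)
            return BIND_ERROR;
        if (rc == RES_BIND)
            return BIND_DONE; /* caller still inspects the bind result code */
    }
    ops->abandon(conn, msgid);
    return BIND_TIMED_OUT;
}

/* Constructed test doubles; conn points at an int poll counter. */
static int fake_start(void *c) { *(int *)c = 0; return 1; }
static int fake_abandon(void *c, int id) { (void)id; *(int *)c = -1; return 0; }
static int hung_poll(void *c, int id, int ms) { (void)id; (void)ms; ++*(int *)c; return 0; }
static int slow_poll(void *c, int id, int ms) { (void)id; (void)ms; return ++*(int *)c >= 3 ? RES_BIND : 0; }

const struct bind_ops hung_server = { fake_start, hung_poll, fake_abandon };
const struct bind_ops slow_server = { fake_start, slow_poll, fake_abandon };

int main(void)
{
    int polls;
    printf("hung server: %d\n", bind_with_deadline(&hung_server, &polls, 4000, 500));
    printf("slow server: %d\n", bind_with_deadline(&slow_server, &polls, 4000, 500));
}
```

With the real library, `BIND_TIMED_OUT` is the point at which the caller unbinds and reports the directory as unavailable instead of blocking the authentication path.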


UPDATE: The code below only works on OpenLDAP 2.4+. OpenLDAP 2.3 does not honor LDAP_OPT_TIMEOUT, without which ldap_simple_bind_s will not time out regardless of what you set. Here is the link from the OpenLDAP forum

I am using ldap_simple_bind_s in my LDAP auth service, and with LDAP_OPT_TIMEOUT, LDAP_OPT_TIMELIMIT, and LDAP_OPT_NETWORK_TIMEOUT set, it successfully times out if the LDAP server is unavailable.

Here is the code excerpt from my LDAP Connect Method:

    // Excerpt from a connect method that returns bool; `connection` is an
    // already-initialized LDAP* handle. Requires <ldap.h> and <sys/time.h>.
    int opt_timeout     = 4;               // LDAP_OPT_TIMEOUT (seconds)
    int timelimit       = 4;               // LDAP_OPT_TIMELIMIT (seconds)
    int network_timeout = 4;               // LDAP_OPT_NETWORK_TIMEOUT (seconds)
    int status = 0;

    // Set LDAP operation timeout (synchronous operations)
    if ( opt_timeout > 0 )
    {
        struct timeval optTimeout;
        optTimeout.tv_usec = 0;
        optTimeout.tv_sec = opt_timeout;

        status = ldap_set_option(connection, LDAP_OPT_TIMEOUT, (void *)&optTimeout);
        if ( status != LDAP_OPT_SUCCESS )
        {
            return false;
        }
    }

    // Set LDAP operation time limit (takes an int, not a struct timeval)
    if ( timelimit > 0 )
    {
        status = ldap_set_option(connection, LDAP_OPT_TIMELIMIT, (void *)&timelimit);
        if ( status != LDAP_OPT_SUCCESS )
        {
            return false;
        }
    }

    // Set LDAP network operation timeout (connection attempt)
    if ( network_timeout > 0 )
    {
        struct timeval networkTimeout;
        networkTimeout.tv_usec = 0;
        networkTimeout.tv_sec = network_timeout;

        status = ldap_set_option(connection, LDAP_OPT_NETWORK_TIMEOUT, (void *)&networkTimeout);
        if ( status != LDAP_OPT_SUCCESS )
        {
            return false;
        }
    }