clinuxunixldap

How can I cause ldap_simple_bind_s to timeout?


We recently had a problem with our test LDAP server - it was hung and wouldn't respond to requests. As a result, our application hung forever* while trying to bind to it. This only happened on Unix machines - on Windows, the ldap_simple_bind_s call timed out after about 30 seconds.

* I don't know if it really was forever, but it was at least several minutes.

I added calls to ldap_set_option, trying both LDAP_OPT_TIMEOUT and LDAP_OPT_NETWORK_TIMEOUT, but the bind call still hung. Is there any way to make ldap_simple_bind_s time out after some period of time of my choosing?


Solution

  • There are a couple of things happening here.

    Basically the LDAP SDK is broken; based on the spec it should have timed out based upon the value you sent in ldap_set_option(). Unfortunately it's not doing that properly. Your bind will probably eventually time out, but it won't be until the OS returns back a failure, and that will come from the TCP timeout or some multiple of that timeout.

    You can work around this by using ldap_simple_bind(), then calling ldap_result() a couple of times. If you don't get the result back within the timeout you want you can call ldap_abandon_ext() to tell the SDK to give up.

    Of course since you're trying to bind this will almost certainly leave the connection in an unusable state and so you will need to unbind it immediately.

    Hope this helps.