LDAP timeout does not apply to search/bind/etc
Environment
LemonLDAP::NG version: 2.0.8
Summary
-
Configure LDAP authentication with ldapTimeout = 5
-
Shutdown your LDAP server, restart LLNG
-
You get an error after 5 second, because ldapTimeout works when connecting to LDAP
-
Start LDAP server, restart LLNG
-
Login a few times
-
firewall your LDAP server to simulate packet loss
-
You get an infinite timeout when trying to connect to LLNG
Logs
[debug] Processing getUser
...
Possible fixes
There is no way to get Net::LDAP to timeout on a read, and not just on connection :(
We have to implement a SIGALRM timeout on all LDAP operations (with ldapTimeout as value)
But perhaps a better approach would be to wrap getUser and authenticate in a SIGARLM timeout ? So that we can have a global "backend" timeout ?