From ca813d8aece894c96ea0f2230196064405ceeb6a Mon Sep 17 00:00:00 2001
From: Damien Regad
Date: Mon, 12 Sep 2011 18:35:29 +0200
Subject: [PATCH] Add new ldap_network_timeout config option

Introduction of PHP 5.3 support with 1.3.x allows setting of LDAP network timeout (LDAP_OPT_NETWORK_TIMEOUT) before binding the server. When the LDAP server is not available with this option set to its default value of 0 (infinite), the system will seem to hang for several minutes, depending on the TCP stack settings, until control is finally returned to Mantis.

Setting this option to a low value makes the system more responsive, and also allows automatic and rapid failover to the next available LDAP server when the hostname defined in $g_ldap_server resolves to multiple IP addresses, which are tried in sequence by ldap_bind().

Fixes #12544
---
 config_defaults_inc.php | 11 +++++++++++
 core/ldap_api.php | 11 ++++++++++-
 docbook/Admin_Guide/en-US/config/auth.xml | 15 +++++++++++++++
 3 files changed, 36 insertions(+), 1 deletion(-)

diff --git a/config_defaults_inc.php b/config_defaults_inc.php
index 0d6330b8a0..6893c329c7 100644
--- a/config_defaults_inc.php
+++ b/config_defaults_inc.php
@@ -1857,6 +1857,17 @@
  */
 $g_ldap_protocol_version = 0;
 
+/**
+ * Duration of the timeout for TCP connection to the LDAP server (in seconds).
+ * Set this to a low value when the hostname defined in $g_ldap_server resolves
+ * to multiple IP addresses, allowing rapid failover to the next available LDAP
+ * server.
+ * Defaults to 0 (infinite)
+ *
+ * @global int $g_ldap_network_timeout
+ */
+$g_ldap_network_timeout = 0;
+
 /**
  * Determines whether the LDAP library automatically follows referrals returned
  * by LDAP servers or not. This maps to LDAP_OPT_REFERRALS ldap library option.
diff --git a/core/ldap_api.php b/core/ldap_api.php
index ad6eb0c5be..87e3c5e672 100644
--- a/core/ldap_api.php
+++ b/core/ldap_api.php
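Review bot: The new docblock for `$g_ldap_network_timeout` never names the library option it drives, while the neighbouring `$g_ldap_follow_referrals` block in the same hunk ends with `This maps to LDAP_OPT_REFERRALS ldap library option.` and the commit message identifies this one as LDAP_OPT_NETWORK_TIMEOUT. Adding ` * This maps to the LDAP_OPT_NETWORK_TIMEOUT ldap library option.` keeps the two entries parallel and lets an administrator find the upstream documentation. Since the core/ldap_api.php hunk only calls `ldap_set_option` when the value is greater than 0, "Defaults to 0 (infinite)" would be more precise as "0 leaves the LDAP library's default (no timeout) in place", so readers do not assume a zero is actively sent to the library.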
@@ -64,8 +64,17 @@ function ldap_connect_bind( $p_binddn = '', $p_password = '' ) {
 $t_ds = @ldap_connect( $t_ldap_server );
 if( $t_ds !== false && $t_ds > 0 ) {
 log_event( LOG_LDAP, 'Connection accepted by LDAP server' );
 
- $t_protocol_version = config_get( 'ldap_protocol_version' );
+ $t_network_timeout = config_get( 'ldap_network_timeout' );
+ if( $t_network_timeout > 0 ) {
+ log_event( LOG_LDAP, "Setting LDAP network timeout to " . $t_network_timeout );
+ $t_result = @ldap_set_option( $t_ds, LDAP_OPT_NETWORK_TIMEOUT, $t_network_timeout );
+ if( !$t_result ) {
+ ldap_log_error( $t_ds );
+ }
+ }
+
+ $t_protocol_version = config_get( 'ldap_protocol_version' );
 if( $t_protocol_version > 0 ) {
 log_event( LOG_LDAP, 'Setting LDAP protocol version to ' . $t_protocol_version );
 $t_result = @ldap_set_option( $t_ds, LDAP_OPT_PROTOCOL_VERSION, $t_protocol_version );
diff --git a/docbook/Admin_Guide/en-US/config/auth.xml b/docbook/Admin_Guide/en-US/config/auth.xml
index 471383cf7f..81ffefe637 100644
--- a/docbook/Admin_Guide/en-US/config/auth.xml
+++ b/docbook/Admin_Guide/en-US/config/auth.xml
@@ -141,6 +141,21 @@ ldaps://ldap.example.com:3269/ + + $g_ldap_network_timeout + + + Duration of the timeout for TCP connection to the + LDAP server (in seconds). Defaults to + 0 (infinite). + + Set this to a low value when the hostname defined + in $g_ldap_server resolves to multiple IP addresses, + allowing rapid failover to the next available LDAP + server. + + + $g_ldap_follow_referrals
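Review bot: A failed `@ldap_set_option( $t_ds, LDAP_OPT_NETWORK_TIMEOUT, $t_network_timeout )` is only handed to `ldap_log_error` and the function then goes on to bind with the library's default (unbounded) timeout, so the multi-minute hang this option exists to prevent can recur with nothing but a log line to show for it; if that best-effort behaviour is intended, record it above the `if( !$t_result )` check with `// not fatal: bind proceeds with the library default (infinite) network timeout`. The new message `"Setting LDAP network timeout to "` is double-quoted while the adjacent protocol-version line uses single quotes; `'Setting LDAP network timeout to '` keeps the two consistent. If `config_get()` can hand back the stored value as a string, an explicit `(int)` cast on the `$t_network_timeout` assignment would match the `@global int` the option is declared with and avoid relying on implicit coercion in the `> 0` comparison and the `ldap_set_option` call. `ldap_connect_bind` begins before this hunk and continues after it.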