Merge pull request #3592 from Icinga/feature/ldap-timeout

LdapConnection: Add timeout setting with a useful default value
Icinga · Oct 16, 2018 · d00fdf4 · d00fdf4
2 parents b3e0b5d + 39f5b5e
commit d00fdf4
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 1 deletion.
diff --git a/application/forms/Config/Resource/LdapResourceForm.php b/application/forms/Config/Resource/LdapResourceForm.php
@@ -144,6 +144,17 @@ public function createElements(array $formData)
             )
         );
 
+        $this->addElement(
+            'number',
+            'timeout',
+            array(
+                'preserveDefault'   => true,
+                'label'             => $this->translate('Timeout'),
+                'description'       => $this->translate('Connection timeout for every LDAP connection'),
+                'value'             => 5 // see LdapConnection::__construct()
+            )
+        );
+
         return $this;
     }
 }
diff --git a/library/Icinga/Protocol/Ldap/LdapConnection.php b/library/Icinga/Protocol/Ldap/LdapConnection.php
@@ -139,6 +139,13 @@ class LdapConnection implements Selectable, Inspectable
      */
     protected $root;
 
+    /**
+     * LDAP_OPT_NETWORK_TIMEOUT for the LDAP connection
+     *
+     * @var int
+     */
+    protected $timeout;
+
     /**
      * The properties and capabilities of the LDAP server
      *
@@ -178,7 +185,8 @@ public function __construct(ConfigObject $config)
         $this->bindDn = $config->bind_dn;
         $this->bindPw = $config->bind_pw;
         $this->rootDn = $config->root_dn;
-        $this->port = $config->get('port', 389);
+        $this->port = (int) $config->get('port', 389);
+        $this->timeout = (int) $config->get('timeout', 5);
 
         $this->encryption = $config->encryption;
         if ($this->encryption !== null) {
@@ -1190,6 +1198,9 @@ protected function prepareNewConnection(Inspection $info = null)
 
         $ds = ldap_connect($hostname, $this->port);
 
+        // Set a proper timeout for each connection
+        ldap_set_option($ds, LDAP_OPT_NETWORK_TIMEOUT, $this->timeout);
+
         // Usage of ldap_rename, setting LDAP_OPT_REFERRALS to 0 or using STARTTLS requires LDAPv3.
         // If this does not work we're probably not in a PHP 5.3+ environment as it is VERY
         // unlikely that the server complains about it by itself prior to a bind request