Ldap searches don't seem to honour connect_timeout

Franks Andy (IT Technical Architecture Manager) Andy.Franks at sath.nhs.uk
Fri May 13 13:21:45 CEST 2016


Hi,
  I've tried with version git#8303894, but still a couple of minutes before timeout. It's weird, it always seems to be 127 - 128 seconds, regardless of whether connect_timeout=2.0 or 20.0, maybe of no consequence.

Fri May 13 12:01:26 2016 : Debug : (1)                ldap1 - 0 of 0 connections in use.  You  may need to increase "spare"
Fri May 13 12:01:26 2016 : Debug : (1)                ldap1 - Opening additional connection (0), 1 of 10 pending slots used
Fri May 13 12:01:26 2016 : Debug : rlm_ldap (ldap1) - Connecting to ldaps://sath-ad1wk8.sath.nhs.uk:636
Fri May 13 12:01:26 2016 : Debug : rlm_ldap (ldap1) - New libldap handle 0x2ad90f0
Fri May 13 12:03:34 2016 : Debug : rlm_ldap (ldap1) - Closing libldap handle 0x2ad90f0
Fri May 13 12:03:34 2016 : ERROR : (1)                ldap1 - Opening connection failed (0)
Fri May 13 12:03:34 2016 : Debug : (1)                modsingle[authorize]: returned from ldap1 (ldap) for request 1
Fri May 13 12:03:34 2016 : Debug : (1)                ldap1.authorize (fail)
Fri May 13 12:03:34 2016 : Debug : (1)                if (updated) {

The ldd output seems to be using the compiled version of openldap as previously noted:

        linux-vdso.so.1 =>  (0x00007fff341fe000)
        libldap-2.4.so.2 => /usr/local/lib/libldap-2.4.so.2 (0x00007f0712920000)
        libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0712558000)
        liblber-2.4.so.2 => /usr/local/lib/liblber-2.4.so.2 (0x00007f0712348000)
        libresolv.so.2 => /lib/x86_64-linux-gnu/libresolv.so.2 (0x00007f071212e000)
        libsasl2.so.2 => /usr/lib/x86_64-linux-gnu/libsasl2.so.2 (0x00007f0711f13000)
        libssl.so.1.0.0 => /lib/x86_64-linux-gnu/libssl.so.1.0.0 (0x00007f0711cb4000)
        libcrypto.so.1.0.0 => /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (0x00007f07118d8000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f0712d99000)
        libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f07116d4000)
        libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007f07114ba000)

It's a fairly straightforward test I'm trying, just in case that has any bearing on things - I've just nobbled the DNS lookup via the hosts file to point to an IP address which is "dead" (just for testing! I know it's dirty).
Thanks
Andy


>>Thanks Alan,
>> That's great; I'll check it out.
>>Andy

-----Original Message-----
From: Freeradius-Users [mailto:freeradius-users-bounces+andy.franks=sath.nhs.uk at lists.freeradius.org] On Behalf Of Alan DeKok
Sent: 11 May 2016 19:58
To: FreeRadius users mailing list
Subject: Re: Ldap searches don't seem to honour connect_timeout

On May 11, 2016, at 2:02 PM, Arran Cudbard-Bell <a.cudbardb at freeradius.org> wrote:
> Network timeout should make the bind timeout.  Unless it's not a network timeout.

  I've pushed some more fixes.  v3.1.x head should now honour time out on initial connect.

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
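
Added example, not part of the original thread or of FreeRADIUS: it pairs the `New` / `Closing libldap handle` debug lines quoted above to measure how long the connect attempt really blocked, then compares that with the Linux SYN retransmission back-off. Assumptions: Linux defaults of a 1-second initial SYN timeout and `net.ipv4.tcp_syn_retries=6`; all function names are illustrative.

```python
import re
from datetime import datetime

# Log lines copied from the debug output quoted in the message above.
SAMPLE_LOG = """\
Fri May 13 12:01:26 2016 : Debug : rlm_ldap (ldap1) - Connecting to ldaps://sath-ad1wk8.sath.nhs.uk:636
Fri May 13 12:01:26 2016 : Debug : rlm_ldap (ldap1) - New libldap handle 0x2ad90f0
Fri May 13 12:03:34 2016 : Debug : rlm_ldap (ldap1) - Closing libldap handle 0x2ad90f0
Fri May 13 12:03:34 2016 : ERROR : (1)                ldap1 - Opening connection failed (0)
"""

LINE = re.compile(r"^(\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) : \w+ *: .*?"
                  r"(New|Closing) libldap handle (0x[0-9a-f]+)")

def handle_lifetimes(log_text):
    """Return {handle: seconds between 'New' and 'Closing' libldap handle}."""
    opened, lifetimes = {}, {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        if m.group(2) == "New":
            opened[m.group(3)] = ts
        elif m.group(3) in opened:
            lifetimes[m.group(3)] = (ts - opened.pop(m.group(3))).total_seconds()
    return lifetimes

def syn_backoff_total(syn_retries=6, initial_rto=1.0):
    """Seconds a blocking connect() waits on an unanswered SYN: the first
    SYN plus `syn_retries` retransmissions, the wait doubling each time
    (assumed Linux defaults)."""
    return sum(initial_rto * 2 ** i for i in range(syn_retries + 1))

def diagnose(log_text, connect_timeout, syn_retries=6, slack=1.0):
    """List handles that outlived connect_timeout and say whether their
    lifetime matches the kernel SYN back-off (logs have 1 s resolution)."""
    kernel = syn_backoff_total(syn_retries)
    report = []
    for handle, secs in handle_lifetimes(log_text).items():
        if secs > connect_timeout + slack:
            cause = "kernel SYN back-off" if abs(secs - kernel) <= slack else "unknown"
            report.append((handle, secs, cause))
    return report

if __name__ == "__main__":
    for handle, secs, cause in diagnose(SAMPLE_LOG, connect_timeout=2.0):
        print(f"{handle}: open for {secs:.0f}s, limit 2s, matches: {cause}")
```

A lifetime that tracks the kernel figure rather than the configured value indicates the socket connect ran to the operating system's own limit instead of being bounded by the application timeout.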
