Ldap searches don't seem to honour connect_timeout
Franks Andy (IT Technical Architecture Manager)
Andy.Franks at sath.nhs.uk
Fri May 13 13:21:45 CEST 2016
Hi,
I've tried with version git#8303894, but still a couple of minutes before timeout. It's weird, it always seems to be 127 - 128 seconds, regardless of whether connect_timeout=2.0 or 20.0, maybe of no consequence.
Fri May 13 12:01:26 2016 : Debug : (1) ldap1 - 0 of 0 connections in use. You may need to increase "spare"
Fri May 13 12:01:26 2016 : Debug : (1) ldap1 - Opening additional connection (0), 1 of 10 pending slots used
Fri May 13 12:01:26 2016 : Debug : rlm_ldap (ldap1) - Connecting to ldaps://sath-ad1wk8.sath.nhs.uk:636
Fri May 13 12:01:26 2016 : Debug : rlm_ldap (ldap1) - New libldap handle 0x2ad90f0
Fri May 13 12:03:34 2016 : Debug : rlm_ldap (ldap1) - Closing libldap handle 0x2ad90f0
Fri May 13 12:03:34 2016 : ERROR : (1) ldap1 - Opening connection failed (0)
Fri May 13 12:03:34 2016 : Debug : (1) modsingle[authorize]: returned from ldap1 (ldap) for request 1
Fri May 13 12:03:34 2016 : Debug : (1) ldap1.authorize (fail)
Fri May 13 12:03:34 2016 : Debug : (1) if (updated) {
The ldd output seems to be using the compiled version of openldap as previously noted:
linux-vdso.so.1 => (0x00007fff341fe000)
libldap-2.4.so.2 => /usr/local/lib/libldap-2.4.so.2 (0x00007f0712920000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0712558000)
liblber-2.4.so.2 => /usr/local/lib/liblber-2.4.so.2 (0x00007f0712348000)
libresolv.so.2 => /lib/x86_64-linux-gnu/libresolv.so.2 (0x00007f071212e000)
libsasl2.so.2 => /usr/lib/x86_64-linux-gnu/libsasl2.so.2 (0x00007f0711f13000)
libssl.so.1.0.0 => /lib/x86_64-linux-gnu/libssl.so.1.0.0 (0x00007f0711cb4000)
libcrypto.so.1.0.0 => /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (0x00007f07118d8000)
/lib64/ld-linux-x86-64.so.2 (0x00007f0712d99000)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f07116d4000)
libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007f07114ba000)
It's a fairly straightforward test I'm trying, just in case that has any bearing on things - I've just nobbled the DNS lookup via the hosts file to point to an IP address which is "dead" (just for testing! I know it's dirty).
Thanks
Andy
>>Thanks Alan,
>> That's great; I'll check it out.
>>Andy
-----Original Message-----
From: Freeradius-Users [mailto:freeradius-users-bounces+andy.franks=sath.nhs.uk at lists.freeradius.org] On Behalf Of Alan DeKok
Sent: 11 May 2016 19:58
To: FreeRadius users mailing list
Subject: Re: Ldap searches don't seem to honour connect_timeout
On May 11, 2016, at 2:02 PM, Arran Cudbard-Bell <a.cudbardb at freeradius.org> wrote:
> Network timeout should make the bind timeout. Unless it's not a network timeout.
I've pushed some more fixes. v3.1.x head should now honour time out on initial connect.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
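
Added example, not part of the original thread and not FreeRADIUS code: a Python check that pairs the "New libldap handle" / "Closing libldap handle" debug lines of the kind quoted above and reports failed connects that ran longer than the configured connect_timeout. The log sample is constructed (placeholder host name, second attempt invented for contrast) and the function names are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample modelled on the debug lines in the message above
# (host name is a placeholder; the second attempt is invented for contrast).
SAMPLE_LOG = """\
Fri May 13 12:01:26 2016 : Debug : rlm_ldap (ldap1) - Connecting to ldaps://ldap.example.org:636
Fri May 13 12:01:26 2016 : Debug : rlm_ldap (ldap1) - New libldap handle 0x2ad90f0
Fri May 13 12:03:34 2016 : Debug : rlm_ldap (ldap1) - Closing libldap handle 0x2ad90f0
Fri May 13 12:03:34 2016 : ERROR : (1) ldap1 - Opening connection failed (0)
Fri May 13 12:05:00 2016 : Debug : rlm_ldap (ldap1) - New libldap handle 0x2ad9200
Fri May 13 12:05:02 2016 : Debug : rlm_ldap (ldap1) - Closing libldap handle 0x2ad9200
Fri May 13 12:05:02 2016 : ERROR : (2) ldap1 - Opening connection failed (0)
"""

TS = r"^(?P<ts>\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) : "
HANDLE_RE = re.compile(TS + r"Debug : rlm_ldap \((?P<inst>[^)]+)\) - "
                            r"(?P<verb>New|Closing) libldap handle (?P<h>0x[0-9a-f]+)")
FAIL_RE = re.compile(TS + r"ERROR : \(\d+\) (?P<inst>\S+) - Opening connection failed")


def failed_connects(log_text):
    """Return [(instance, handle, seconds)] for handles closed by a failed connect."""
    opened, closed, failed = {}, {}, []
    for line in log_text.splitlines():
        m = HANDLE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
            key = (m["inst"], m["h"])
            if m["verb"] == "New":
                opened[key] = ts                      # handle created
            elif key in opened:                       # same handle closed again
                secs = int((ts - opened.pop(key)).total_seconds())
                closed[m["inst"]] = (m["inst"], m["h"], secs)
            continue
        m = FAIL_RE.match(line)
        if m and m["inst"] in closed:                 # close was due to a failed open
            failed.append(closed.pop(m["inst"]))
    return failed


def overruns(log_text, connect_timeout, slack=1.0):
    """Failed connects that outlived connect_timeout (slack covers 1 s log resolution)."""
    return [f for f in failed_connects(log_text) if f[2] > connect_timeout + slack]


if __name__ == "__main__":
    for inst, handle, secs in overruns(SAMPLE_LOG, connect_timeout=2.0):
        print(f"{inst} {handle}: gave up after {secs}s, connect_timeout not honoured")
```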