Add ldap connection timeout for OpenLDAP and Netscape LDAP libs. This can be controlled via the ldap connection timeout parameter. This fixes fallbacks to secondary LDAP servers in multi LDAP server setups like in #4544

(This used to be commit 8e59a2fedc940b081222b0e8f90fe0c5a0981c06)

3 files changed, 40 insertions, 3 deletions

diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h
index d9d7aca98e..79e0a38b0e 100644
--- a/source3/include/smbldap.h
+++ b/source3/include/smbldap.h
@@ -220,7 +220,8 @@ const char *smbldap_talloc_dn(TALLOC_CTX *mem_ctx, LDAP *ld,
 
 #endif 	/* HAVE_LDAP */
 
-#define LDAP_CONNECT_DEFAULT_TIMEOUT   15
+#define LDAP_DEFAULT_TIMEOUT   15
+#define LDAP_CONNECTION_DEFAULT_TIMEOUT 2
 #define LDAP_PAGE_SIZE 1024
 
 #endif	/* _SMBLDAP_H */
diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c
index 9fb16f8927..c2c58c0abf 100644
--- a/source3/lib/smbldap.c
+++ b/source3/lib/smbldap.c
@@ -672,9 +672,33 @@ int smb_ldap_setup_conn(LDAP **ldap_struct, const char *uri)
 			return LDAP_OPERATIONS_ERROR;
 #endif /* LDAP_OPT_X_TLS */
 		}
-
 	}
 #endif /* HAVE_LDAP_INITIALIZE */
+
+
+	/* now set connection timeout */
+#ifdef LDAP_X_OPT_CONNECT_TIMEOUT /* Netscape */
+	{
+		int ct = lp_ldap_connection_timeout()*1000;
+		rc = ldap_set_option(*ldap_struct, LDAP_X_OPT_CONNECT_TIMEOUT, &ct);
+		if (rc != LDAP_SUCCESS) {
+			DEBUG(0,("Failed to setup an ldap connection timeout %d: %s\n",
+				ct, ldap_err2string(rc)));
+		}
+	}
+#elif defined (LDAP_OPT_NETWORK_TIMEOUT) /* OpenLDAP */
+	{
+		struct timeval ct;
+		ct.tv_usec = 0;
+		ct.tv_sec = lp_ldap_connection_timeout();
+		rc = ldap_set_option(*ldap_struct, LDAP_OPT_NETWORK_TIMEOUT, &ct);
+		if (rc != LDAP_SUCCESS) {
+			DEBUG(0,("Failed to setup an ldap connection timeout %d: %s\n",
+				ct.tv_sec, ldap_err2string(rc)));
+		}
+	}
+#endif
+
 	return LDAP_SUCCESS;
 }
 
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index a5623a25c0..ef6648aec1 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -263,6 +263,7 @@ struct global {
 	int ldap_passwd_sync;
 	int ldap_replication_sleep;
 	int ldap_timeout; /* This is initialised in init_globals */
+	int ldap_connection_timeout;
 	int ldap_page_size;
 	bool ldap_delete_dn;
 	bool bMsAddPrinterWizard;
@@ -3562,6 +3563,15 @@ static struct parm_struct parm_table[] = {
 		.flags		= FLAG_ADVANCED,
 	},
 	{
+		.label		= "ldap connection timeout",
+		.type		= P_INTEGER,
+		.p_class	= P_GLOBAL,
+		.ptr		= &Globals.ldap_connection_timeout,
+		.special	= NULL,
+		.enum_list	= NULL,
+		.flags		= FLAG_ADVANCED,
+	},
+	{
 		.label		= "ldap page size",
 		.type		= P_INTEGER,
 		.p_class	= P_GLOBAL,
@@ -4755,7 +4765,8 @@ static void init_globals(bool first_time_only)
 	Globals.ldap_passwd_sync = LDAP_PASSWD_SYNC_OFF;
 	Globals.ldap_delete_dn = False;
 	Globals.ldap_replication_sleep = 1000; /* wait 1 sec for replication */
-	Globals.ldap_timeout = LDAP_CONNECT_DEFAULT_TIMEOUT;
+	Globals.ldap_timeout = LDAP_DEFAULT_TIMEOUT;
+	Globals.ldap_connection_timeout = LDAP_CONNECTION_DEFAULT_TIMEOUT;
 	Globals.ldap_page_size = LDAP_PAGE_SIZE;
 
 	Globals.ldap_debug_level = 0;
@@ -5074,6 +5085,7 @@ FN_GLOBAL_INTEGER(lp_ldap_passwd_sync, &Globals.ldap_passwd_sync)
 FN_GLOBAL_BOOL(lp_ldap_delete_dn, &Globals.ldap_delete_dn)
 FN_GLOBAL_INTEGER(lp_ldap_replication_sleep, &Globals.ldap_replication_sleep)
 FN_GLOBAL_INTEGER(lp_ldap_timeout, &Globals.ldap_timeout)
+FN_GLOBAL_INTEGER(lp_ldap_connection_timeout, &Globals.ldap_connection_timeout)
 FN_GLOBAL_INTEGER(lp_ldap_page_size, &Globals.ldap_page_size)
 FN_GLOBAL_INTEGER(lp_ldap_debug_level, &Globals.ldap_debug_level)
 FN_GLOBAL_INTEGER(lp_ldap_debug_threshold, &Globals.ldap_debug_threshold)