ldap: set default timeout to 5 seconds (fixes #29386)

Also change behaviour to set the network *and* default timeout, see ldap.conf(5) : NETWORK_TIMEOUT <integer> Specifies the timeout (in seconds) after which the poll(2)/select(2) following a connect(2) returns in case of no activity. TIMEOUT <integer> Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs will abort if no response is received. Also used for any ldap_result(3) calls where a NULL timeout parameter is supplied.
2019-03-12 12:33:23 +01:00 · 2019-03-12 12:33:23 +01:00 · 3988b6fb37
parent a31a99b13f
commit 3988b6fb37
1 changed files with 2 additions and 1 deletions
--- a/src/authentic2/backends/ldap_backend.py
+++ b/src/authentic2/backends/ldap_backend.py
@ -391,7 +391,7 @@ class LDAPBackend(object):
        'email_field': 'mail',
        'fname_field': 'givenName',
        'lname_field': 'sn',
-        'timeout': -1,
+        'timeout': 5,
        'referrals': False,
        'disable_update': False,
        'bind_with_username': False,
@ -1190,6 +1190,7 @@ class LDAPBackend(object):
            conn = LDAPObject(url)
            if block['timeout'] > 0:
                conn.set_option(ldap.OPT_NETWORK_TIMEOUT, block['timeout'])
+                conn.set_option(ldap.OPT_TIMEOUT, block['timeout'])
            conn.set_option(ldap.OPT_X_TLS_REQUIRE_CERT,
                            getattr(ldap, 'OPT_X_TLS_' + block['require_cert'].upper()))
            if block['cacertfile']: