Added a new LDAPConnectionTimeout directive to util_ldap so that the socket connectio...

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@126565 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index 5b717fb71767a51507a38e84906c0a8ce4ffb438..48ea378aede77e78613dbbcaf2f6427822e5cbe4 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,10 @@ Changes with Apache 2.1.3
 
   [Remove entries to the current 2.0 section below, when backported]
 
+  *) mod_ldap: Added the directive LDAPConnectionTimeout to configure
+     the ldap socket connection timeout value.  
+     [Brad Nicholes]
+
   *) Add --enable-pie flag to configure, to build httpd as a Position
      Independent Executable where supported (GCC/binutils).
      [Joe Orton]

diff --git a/docs/manual/mod/mod_ldap.xml b/docs/manual/mod/mod_ldap.xml
index fa74cfc8e89cb05b148320051d107172889a3e3b..01cc87bc8830c3f7f7bcdcc1804dcc2a78492f9b 100644 (file)
--- a/docs/manual/mod/mod_ldap.xml
+++ b/docs/manual/mod/mod_ldap.xml
@@ -245,7 +245,7 @@ by other LDAP modules</description>
 <section id="settingcerts"><title>SSL/TLS Certificates</title>
 
     <p>The different LDAP SDKs have widely different methods of setting
-    and handling both CA and client side certificates.<p>
+    and handling both CA and client side certificates.</p>
 
     <p>If you intend to use SSL or TLS, read this section CAREFULLY so as to
     understand the differences between configurations on the different LDAP
@@ -566,4 +566,19 @@ connection client certificates.</description>
 </usage>
 </directivesynopsis>
 
+<directivesynopsis>
+<name>LDAPConnectionTimeout</name>
+<description>Specifies the socket connection timeout in seconds</description>
+<syntax>LDAPConnectionTimeout <var>seconds</var></syntax>
+<contextlist><context>server config</context></contextlist>
+
+<usage>
+    <p>Specifies the timeout value (in seconds) in which the module will
+    attempt to connect to the LDAP server.  If a connection is not
+    successful with the timeout period, either an error will be 
+    returned or the module will attempt to connect to a secondary LDAP 
+    server if one is specified. The default is 10 seconds.</p>
+</usage>
+</directivesynopsis>
+
 </modulesynopsis>

diff --git a/include/util_ldap.h b/include/util_ldap.h
index ce2106351601408ff1862121e919eb006b7e056a..dccb777e5adda280328cf41eb452bd4b6ac3d6b3 100644 (file)
--- a/include/util_ldap.h
+++ b/include/util_ldap.h
@@ -128,6 +128,7 @@ typedef struct util_ldap_state_t {
     /* cache ald */
     void *util_ldap_cache;
     char *lock_file;           /* filename for shm lock mutex */
+    int connectionTimeout;
 
 } util_ldap_state_t;
 

diff --git a/modules/ldap/util_ldap.c b/modules/ldap/util_ldap.c
index 72b3ae3d9579757b3687e4162e6d1a51885f5741..11483179089ccf5ca1060f5d71f2f960d46f7609 100644 (file)
--- a/modules/ldap/util_ldap.c
+++ b/modules/ldap/util_ldap.c
@@ -1594,6 +1594,26 @@ static const char *util_ldap_set_trusted_mode(cmd_parms *cmd, void *dummy, const
     return(NULL);
 }
 
+static const char *util_ldap_set_connection_timeout(cmd_parms *cmd, void *dummy, const char *ttl)
+{
+    util_ldap_state_t *st = 
+        (util_ldap_state_t *)ap_get_module_config(cmd->server->module_config, 
+                                                 &ldap_module);
+    const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
+
+    if (err != NULL) {
+        return err;
+    }
+
+    st->connectionTimeout = atol(ttl);
+
+    ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, cmd->server, 
+                      "[%d] ldap connection: Setting connection timeout to %ld seconds.", 
+                      getpid(), st->connectionTimeout);
+
+    return NULL;
+}
+
 
 void *util_ldap_create_config(apr_pool_t *p, server_rec *s)
 {
@@ -1613,6 +1633,7 @@ void *util_ldap_create_config(apr_pool_t *p, server_rec *s)
     st->client_certs = apr_array_make(p, 10, sizeof(apr_ldap_opt_tls_cert_t));
     st->secure = APR_LDAP_NONE;
     st->secure_set = 0;
+    st->connectionTimeout = 10;
 
     return st;
 }
@@ -1669,6 +1690,7 @@ static int util_ldap_post_config(apr_pool_t *p, apr_pool_t *plog,
     const char *userdata_key = "util_ldap_init";
     apr_ldap_err_t *result_err = NULL;
     int rc;
+    struct timeval timeOut = {10,0};    /* 10 second connection timeout */
 
     /* util_ldap_post_config() will be called twice. Don't bother
      * going through all of the initialization on the first call
@@ -1788,6 +1810,20 @@ static int util_ldap_post_config(apr_pool_t *p, apr_pool_t *plog,
         ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s, 
                          "LDAP: SSL support unavailable" );
     }
+
+    if (st->connectionTimeout > 0) {
+        timeOut.tv_sec = st->connectionTimeout;
+    }
+
+    if (st->connectionTimeout >= 0) {
+        rc = apr_ldap_set_option(p, NULL, LDAP_OPT_NETWORK_TIMEOUT,
+                                 (void *)&timeOut, &(result_err));
+        if (APR_SUCCESS != rc) {
+            ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+                             "LDAP: Could not set the connection timeout" );
+        }
+    }
+
     
     return(OK);
 }
@@ -1883,6 +1919,10 @@ command_rec util_ldap_cmds[] = {
                   "   SSL - SSL encryption enabled (forced by ldaps://) "
                   "   STARTTLS - STARTTLS MUST be enabled "),
 
+    AP_INIT_TAKE1("LDAPConnectionTimeout", util_ldap_set_connection_timeout, NULL, RSRC_CONF,
+                  "Specifies the LDAP socket connection timeout in seconds. "
+                  "Default is 10 seconds. "),
+
     {NULL}
 };