From: Eric Covener <covener@apache.org>
Date: Sat, 23 Jan 2010 17:15:04 +0000 (+0000)
Subject: fix LDAPConnectionTimeout, take a stab at newly added LDAPTimeout
X-Git-Tag: 2.3.6~559
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=1d7922d578c1c89d0e1799addd607478a38e2b75;p=apache

fix LDAPConnectionTimeout, take a stab at newly added LDAPTimeout


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@902445 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/docs/manual/mod/mod_ldap.html.en b/docs/manual/mod/mod_ldap.html.en
index e5acfa60ef..2907e3dbee 100644
--- a/docs/manual/mod/mod_ldap.html.en
+++ b/docs/manual/mod/mod_ldap.html.en
@@ -67,6 +67,7 @@ by other LDAP modules</td></tr>
 <li><img alt="" src="../images/down.gif" /> <a href="#ldapreferrals">LDAPReferrals</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#ldapsharedcachefile">LDAPSharedCacheFile</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#ldapsharedcachesize">LDAPSharedCacheSize</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#ldaptimeout">LDAPTimeout</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#ldaptrustedclientcert">LDAPTrustedClientCert</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#ldaptrustedglobalcert">LDAPTrustedGlobalCert</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#ldaptrustedmode">LDAPTrustedMode</a></li>
@@ -474,9 +475,8 @@ by other LDAP modules</td></tr>
 </table>
     <p>This directive configures the LDAP_OPT_NETWORK_TIMEOUT option in the
     underlying LDAP client library, when available.  This value typically 
-    controls how long the LDAP client library will wait for various network 
-    calls to complete, including establishing a connection to the target LDAP 
-    server.</p>
+    controls how long the LDAP client library will wait for the TCP connection
+    to the LDAP server to complete.</p>
 
     <p> If a connection is not successful with the timeout period, either an error will be 
     returned or the LDAP client library will attempt to connect to a secondary LDAP 
@@ -619,6 +619,28 @@ valid</td></tr>
     memory cache. The default is 500kb. If set to 0, shared memory
     caching will not be used.</p>
 
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="LDAPTimeout" id="LDAPTimeout">LDAPTimeout</a> <a name="ldaptimeout" id="ldaptimeout">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Specifies the timeout for LDAP search and bind operations, in seconds</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>LDAPTimeout <var>seconds</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>LDAPTimeout 60</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ldap</td></tr>
+</table>
+    <p>This directive configures the timeout for bind and search operations, as well as
+    the LDAP_OPT_TIMEOUT option in the underlying LDAP client library, when available.</p>
+
+    <p> If the timeout expires, httpd will retry in case an existing connection has
+    been silently dropped by a firewall.</p>
+
+    <div class="note">
+    <p>Timeouts for ldap compare operations requires an SDK with LDAP_OPT_TIMEOUT, such as OpenLDAP &gt;= 2.4.4.</p>
+    </div>
+
+
 </div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
 <div class="directive-section"><h2><a name="LDAPTrustedClientCert" id="LDAPTrustedClientCert">LDAPTrustedClientCert</a> <a name="ldaptrustedclientcert" id="ldaptrustedclientcert">Directive</a></h2>
diff --git a/docs/manual/mod/mod_ldap.xml b/docs/manual/mod/mod_ldap.xml
index 0bef2b366b..177dab95cb 100644
--- a/docs/manual/mod/mod_ldap.xml
+++ b/docs/manual/mod/mod_ldap.xml
@@ -633,9 +633,8 @@ connection client certificates.</description>
 <usage>
     <p>This directive configures the LDAP_OPT_NETWORK_TIMEOUT option in the
     underlying LDAP client library, when available.  This value typically 
-    controls how long the LDAP client library will wait for various network 
-    calls to complete, including establishing a connection to the target LDAP 
-    server.</p>
+    controls how long the LDAP client library will wait for the TCP connection
+    to the LDAP server to complete.</p>
 
     <p> If a connection is not successful with the timeout period, either an error will be 
     returned or the LDAP client library will attempt to connect to a secondary LDAP 
@@ -652,6 +651,28 @@ connection client certificates.</description>
 </usage>
 </directivesynopsis>
 
+<directivesynopsis>
+<name>LDAPTimeout</name>
+<description>Specifies the timeout for LDAP search and bind operations, in seconds</description>
+<syntax>LDAPTimeout <var>seconds</var></syntax>
+<default>LDAPTimeout 60</default>
+<contextlist><context>server config</context></contextlist>
+
+<usage>
+    <p>This directive configures the timeout for bind and search operations, as well as
+    the LDAP_OPT_TIMEOUT option in the underlying LDAP client library, when available.</p>
+
+    <p> If the timeout expires, httpd will retry in case an existing connection has
+    been silently dropped by a firewall.</p>
+
+    <note>
+    <p>Timeouts for ldap compare operations requires an SDK with LDAP_OPT_TIMEOUT, such as OpenLDAP &gt;= 2.4.4.</p>
+    </note>
+
+</usage>
+</directivesynopsis>
+
+
 <directivesynopsis>
 <name>LDAPVerifyServerCert</name>
 <description>Force server certificate verification</description>

Description:	Specifies the timeout for LDAP search and bind operations, in seconds
Syntax:	`LDAPTimeout seconds`
Default:	`LDAPTimeout 60`
Context:	server config
Status:	Extension
Module:	mod_ldap