From 2ca26b14039407fc2c14d52abd82c8c423d048fb Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne
Date: Tue, 12 Mar 2019 12:33:23 +0100
Subject: [PATCH 2/2] ldap: set default timeout to 5 seconds (fixes #29386)

Also change behaviour to set the network *and* default timeout, see ldap.conf(5) : NETWORK_TIMEOUT Specifies the timeout (in seconds) after which the poll(2)/select(2) following a connect(2) returns in case of no activity. TIMEOUT Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs will abort if no response is received. Also used for any ldap_result(3) calls where a NULL timeout parameter is supplied.
---
 src/authentic2/backends/ldap_backend.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/authentic2/backends/ldap_backend.py b/src/authentic2/backends/ldap_backend.py
index dc084407..746e9da3 100644
--- a/src/authentic2/backends/ldap_backend.py
+++ b/src/authentic2/backends/ldap_backend.py
@@ -391,7 +391,7 @@ class LDAPBackend(object):
 'email_field': 'mail',
 'fname_field': 'givenName',
 'lname_field': 'sn',
- 'timeout': -1,
+ 'timeout': 5,
 'referrals': False,
 'disable_update': False,
 'bind_with_username': False,
@@ -1190,6 +1190,7 @@ class LDAPBackend(object):
 conn = LDAPObject(url)
 if block['timeout'] > 0:
 conn.set_option(ldap.OPT_NETWORK_TIMEOUT, block['timeout'])
+ conn.set_option(ldap.OPT_TIMEOUT, block['timeout'])
 conn.set_option(ldap.OPT_X_TLS_REQUIRE_CERT,
 getattr(ldap, 'OPT_X_TLS_' + block['require_cert'].upper()))
 if block['cacertfile']:
-- 
2.20.1
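Review bot: The new default on the `'timeout': 5,` line changes behaviour for every deployment that never set `timeout`, and nothing beside it says what the number means. Combined with the second hunk, the same value now bounds both the connect phase and each synchronous LDAP call, so a slow but legitimate search would be aborted after 5 seconds where it previously waited without limit. I would add a comment such as `# seconds; applied to connect and to each synchronous call, <= 0 disables both` (assuming both `set_option` calls sit under the `> 0` guard) and mention the change in the upgrade notes. The defaults dictionary starts and ends outside the hunk.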
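Review bot: The added `conn.set_option(ldap.OPT_TIMEOUT, block['timeout'])` makes synchronous binds and searches abort after the configured delay, but the code that handles that abort is not in the hunk. It is worth confirming that callers treat the resulting timeout error as a failed or unavailable backend (authentication denied, event logged) rather than letting it propagate unhandled. A single setting now drives both limits; if connect and operation timeouts ever need to differ, a separate key that falls back to `block['timeout']` would keep existing configurations working. Indentation was lost on this page, so I am assuming the new line sits under the `if block['timeout'] > 0:` guard; the enclosing method starts and ends outside the hunk.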