Add ldap connection timeout for OpenLDAP and Netscape LDAP libs. This can be controlled via the ldap connection timeout parameter. This fixes fallbacks to secondary LDAP servers in multi LDAP server setups like in #4544

source/include/smbldap.h

@@ -220,7 +220,8 @@ const char *smbldap_talloc_dn(TALLOC_CTX *mem_ctx, LDAP *ld,
 
 #endif 	/* HAVE_LDAP */
 
-#define LDAP_CONNECT_DEFAULT_TIMEOUT   15
+#define LDAP_DEFAULT_TIMEOUT   15
+#define LDAP_CONNECTION_DEFAULT_TIMEOUT 2
 #define LDAP_PAGE_SIZE 1024
 
 #endif	/* _SMBLDAP_H */

source/lib/smbldap.c

@@ -672,9 +672,33 @@ int smb_ldap_setup_conn(LDAP **ldap_struct, const char *uri)
 			return LDAP_OPERATIONS_ERROR;
 #endif /* LDAP_OPT_X_TLS */
 		}
-
 	}
 #endif /* HAVE_LDAP_INITIALIZE */
+
+
+	/* now set connection timeout */
+#ifdef LDAP_X_OPT_CONNECT_TIMEOUT /* Netscape */
+	{
+		int ct = lp_ldap_connection_timeout()*1000;
+		rc = ldap_set_option(*ldap_struct, LDAP_X_OPT_CONNECT_TIMEOUT, &ct);
+		if (rc != LDAP_SUCCESS) {
+			DEBUG(0,("Failed to setup an ldap connection timeout %d: %s\n",
+				ct, ldap_err2string(rc)));
+		}
+	}
+#elif defined (LDAP_OPT_NETWORK_TIMEOUT) /* OpenLDAP */
+	{
+		struct timeval ct;
+		ct.tv_usec = 0;
+		ct.tv_sec = lp_ldap_connection_timeout();
+		rc = ldap_set_option(*ldap_struct, LDAP_OPT_NETWORK_TIMEOUT, &ct);
+		if (rc != LDAP_SUCCESS) {
+			DEBUG(0,("Failed to setup an ldap connection timeout %d: %s\n",
+				ct.tv_sec, ldap_err2string(rc)));
+		}
+	}
+#endif
+
 	return LDAP_SUCCESS;
 }
 

source/param/loadparm.c

@@ -263,6 +263,7 @@ struct global {
 	int ldap_passwd_sync;
 	int ldap_replication_sleep;
 	int ldap_timeout; /* This is initialised in init_globals */
+	int ldap_connection_timeout;
 	int ldap_page_size;
 	bool ldap_delete_dn;
 	bool bMsAddPrinterWizard;
@@ -3561,6 +3562,15 @@ static struct parm_struct parm_table[] = {
 		.enum_list	= NULL,
 		.flags		= FLAG_ADVANCED,
 	},
+	{
+		.label		= "ldap connection timeout",
+		.type		= P_INTEGER,
+		.p_class	= P_GLOBAL,
+		.ptr		= &Globals.ldap_connection_timeout,
+		.special	= NULL,
+		.enum_list	= NULL,
+		.flags		= FLAG_ADVANCED,
+	},
 	{
 		.label		= "ldap page size",
 		.type		= P_INTEGER,
@@ -4755,7 +4765,8 @@ static void init_globals(bool first_time_only)
 	Globals.ldap_passwd_sync = LDAP_PASSWD_SYNC_OFF;
 	Globals.ldap_delete_dn = False;
 	Globals.ldap_replication_sleep = 1000; /* wait 1 sec for replication */
-	Globals.ldap_timeout = LDAP_CONNECT_DEFAULT_TIMEOUT;
+	Globals.ldap_timeout = LDAP_DEFAULT_TIMEOUT;
+	Globals.ldap_connection_timeout = LDAP_CONNECTION_DEFAULT_TIMEOUT;
 	Globals.ldap_page_size = LDAP_PAGE_SIZE;
 
 	Globals.ldap_debug_level = 0;
@@ -5074,6 +5085,7 @@ FN_GLOBAL_INTEGER(lp_ldap_passwd_sync, &Globals.ldap_passwd_sync)
 FN_GLOBAL_BOOL(lp_ldap_delete_dn, &Globals.ldap_delete_dn)
 FN_GLOBAL_INTEGER(lp_ldap_replication_sleep, &Globals.ldap_replication_sleep)
 FN_GLOBAL_INTEGER(lp_ldap_timeout, &Globals.ldap_timeout)
+FN_GLOBAL_INTEGER(lp_ldap_connection_timeout, &Globals.ldap_connection_timeout)
 FN_GLOBAL_INTEGER(lp_ldap_page_size, &Globals.ldap_page_size)
 FN_GLOBAL_INTEGER(lp_ldap_debug_level, &Globals.ldap_debug_level)
 FN_GLOBAL_INTEGER(lp_ldap_debug_threshold, &Globals.ldap_debug_threshold)