Posted to cvs@httpd.apache.org by bn...@apache.org on 2005/01/27 02:13:16 UTC
svn commit: r126565 - /httpd/httpd/trunk/CHANGES /httpd/httpd/trunk/docs/manual/mod/mod_ldap.xml /httpd/httpd/trunk/include/util_ldap.h /httpd/httpd/trunk/modules/ldap/util_ldap.c
Author: bnicholes
Date: Wed Jan 26 17:13:15 2005
New Revision: 126565
URL: http://svn.apache.org/viewcvs?view=rev&rev=126565
Log:
Added a new LDAPConnectionTimeout directive to util_ldap so that the socket connection timeout value is configurable.
Modified:
httpd/httpd/trunk/CHANGES
httpd/httpd/trunk/docs/manual/mod/mod_ldap.xml
httpd/httpd/trunk/include/util_ldap.h
httpd/httpd/trunk/modules/ldap/util_ldap.c
Modified: httpd/httpd/trunk/CHANGES
Url: http://svn.apache.org/viewcvs/httpd/httpd/trunk/CHANGES?view=diff&rev=126565&p1=httpd/httpd/trunk/CHANGES&r1=126564&p2=httpd/httpd/trunk/CHANGES&r2=126565
==============================================================================
--- httpd/httpd/trunk/CHANGES (original)
+++ httpd/httpd/trunk/CHANGES Wed Jan 26 17:13:15 2005
@@ -2,6 +2,10 @@
[Remove entries to the current 2.0 section below, when backported]
+ *) mod_ldap: Added the directive LDAPConnectionTimeout to configure
+ the ldap socket connection timeout value.
+ [Brad Nicholes]
+
*) Add --enable-pie flag to configure, to build httpd as a Position
Independent Executable where supported (GCC/binutils).
[Joe Orton]
Modified: httpd/httpd/trunk/docs/manual/mod/mod_ldap.xml
Url: http://svn.apache.org/viewcvs/httpd/httpd/trunk/docs/manual/mod/mod_ldap.xml?view=diff&rev=126565&p1=httpd/httpd/trunk/docs/manual/mod/mod_ldap.xml&r1=126564&p2=httpd/httpd/trunk/docs/manual/mod/mod_ldap.xml&r2=126565
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_ldap.xml (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_ldap.xml Wed Jan 26 17:13:15 2005
@@ -245,7 +245,7 @@
<section id="settingcerts"><title>SSL/TLS Certificates</title>
<p>The different LDAP SDKs have widely different methods of setting
- and handling both CA and client side certificates.<p>
+ and handling both CA and client side certificates.</p>
<p>If you intend to use SSL or TLS, read this section CAREFULLY so as to
understand the differences between configurations on the different LDAP
@@ -563,6 +563,21 @@
<p>If an ldaps:// URL is specified, the mode becomes SSL and the setting
of LDAPTrustedMode is ignored.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>LDAPConnectionTimeout</name>
+<description>Specifies the socket connection timeout in seconds</description>
+<syntax>LDAPConnectionTimeout <var>seconds</var></syntax>
+<contextlist><context>server config</context></contextlist>
+
+<usage>
+ <p>Specifies the timeout value (in seconds) in which the module will
+ attempt to connect to the LDAP server. If a connection is not
+ successful with the timeout period, either an error will be
+ returned or the module will attempt to connect to a secondary LDAP
+ server if one is specified. The default is 10 seconds.</p>
</usage>
</directivesynopsis>
Modified: httpd/httpd/trunk/include/util_ldap.h
Url: http://svn.apache.org/viewcvs/httpd/httpd/trunk/include/util_ldap.h?view=diff&rev=126565&p1=httpd/httpd/trunk/include/util_ldap.h&r1=126564&p2=httpd/httpd/trunk/include/util_ldap.h&r2=126565
==============================================================================
--- httpd/httpd/trunk/include/util_ldap.h (original)
+++ httpd/httpd/trunk/include/util_ldap.h Wed Jan 26 17:13:15 2005
@@ -128,6 +128,7 @@
/* cache ald */
void *util_ldap_cache;
char *lock_file; /* filename for shm lock mutex */
+ int connectionTimeout;
} util_ldap_state_t;
Modified: httpd/httpd/trunk/modules/ldap/util_ldap.c
Url: http://svn.apache.org/viewcvs/httpd/httpd/trunk/modules/ldap/util_ldap.c?view=diff&rev=126565&p1=httpd/httpd/trunk/modules/ldap/util_ldap.c&r1=126564&p2=httpd/httpd/trunk/modules/ldap/util_ldap.c&r2=126565
==============================================================================
--- httpd/httpd/trunk/modules/ldap/util_ldap.c (original)
+++ httpd/httpd/trunk/modules/ldap/util_ldap.c Wed Jan 26 17:13:15 2005
@@ -1594,6 +1594,26 @@
return(NULL);
}
+static const char *util_ldap_set_connection_timeout(cmd_parms *cmd, void *dummy, const char *ttl)
+{
+ util_ldap_state_t *st =
+ (util_ldap_state_t *)ap_get_module_config(cmd->server->module_config,
+ &ldap_module);
+ const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
+
+ if (err != NULL) {
+ return err;
+ }
+
+ st->connectionTimeout = atol(ttl);
+
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, cmd->server,
+ "[%d] ldap connection: Setting connection timeout to %ld seconds.",
+ getpid(), st->connectionTimeout);
+
+ return NULL;
+}
+
void *util_ldap_create_config(apr_pool_t *p, server_rec *s)
{
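Review bot: `atol(ttl)` accepts anything, so `LDAPConnectionTimeout abc` or `10s` is taken without a configuration error, and an unparsable value becomes 0, which the post-config hunk further down turns into the 10-second default. The result is also stored in the `int connectionTimeout` field added in util_ldap.h and then printed with `%ld`, which is a format/argument mismatch wherever `long` is wider than `int`. Since this value bounds how long a request can block on an unreachable LDAP server, I would parse it with `strtol`, return an error string on trailing junk or an out-of-range value, and log it with `%d`. The hunk ends at the opening of util_ldap_create_config, whose body continues outside it.

```c
static const char *util_ldap_set_connection_timeout(cmd_parms *cmd, void *dummy, const char *ttl)
{
    /* … unchanged: module config lookup and ap_check_cmd_context() … */
    char *end;
    long val;

    errno = 0;
    val = strtol(ttl, &end, 10);
    if (end == ttl || *end != '\0' || errno == ERANGE
        || val < INT_MIN || val > INT_MAX) {
        return "LDAPConnectionTimeout takes a whole number of seconds";
    }
    st->connectionTimeout = (int)val;

    ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, cmd->server,
                 "[%d] ldap connection: Setting connection timeout to %d seconds.",
                 getpid(), st->connectionTimeout);
    /* … unchanged: return NULL … */
```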
@@ -1613,6 +1633,7 @@
st->client_certs = apr_array_make(p, 10, sizeof(apr_ldap_opt_tls_cert_t));
st->secure = APR_LDAP_NONE;
st->secure_set = 0;
+ st->connectionTimeout = 10;
return st;
}
@@ -1669,6 +1690,7 @@
const char *userdata_key = "util_ldap_init";
apr_ldap_err_t *result_err = NULL;
int rc;
+ struct timeval timeOut = {10,0}; /* 10 second connection timeout */
/* util_ldap_post_config() will be called twice. Don't bother
* going through all of the initialization on the first call
@@ -1788,6 +1810,20 @@
ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s,
"LDAP: SSL support unavailable" );
}
+
+ if (st->connectionTimeout > 0) {
+ timeOut.tv_sec = st->connectionTimeout;
+ }
+
+ if (st->connectionTimeout >= 0) {
+ rc = apr_ldap_set_option(p, NULL, LDAP_OPT_NETWORK_TIMEOUT,
+ (void *)&timeOut, &(result_err));
+ if (APR_SUCCESS != rc) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+ "LDAP: Could not set the connection timeout" );
+ }
+ }
+
return(OK);
}
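Review bot: Zero and negative values take two different paths in the added block, and neither is documented. Only `connectionTimeout > 0` overrides `timeOut`, so a configured 0 still applies the hard-coded `{10,0}` from the declaration added earlier in this function, while a negative value skips `apr_ldap_set_option` entirely and leaves whatever connect timeout the LDAP SDK uses by default. A comment above the two tests would make that explicit, for example `/* 0 keeps the 10s default; a negative value leaves the SDK's own connect timeout untouched */`, and the 10 would be better taken from one named constant shared with util_ldap_create_config. The failure branch also logs a fixed string and still returns OK, so the server starts without a bounded connect timeout and the log does not say why; if `result_err` is populated at that point, appending its `reason` to the message would help whoever reads it. The function begins outside this hunk.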
@@ -1882,6 +1918,10 @@
" NONE - no encryption enabled "
" SSL - SSL encryption enabled (forced by ldaps://) "
" STARTTLS - STARTTLS MUST be enabled "),
+
+ AP_INIT_TAKE1("LDAPConnectionTimeout", util_ldap_set_connection_timeout, NULL, RSRC_CONF,
+ "Specifies the LDAP socket connection timeout in seconds. "
+ "Default is 10 seconds. "),
{NULL}
};