FW: Winbindd timeout on unreacheable domains

Andrew Bartlett abartlet at samba.org
Thu Feb 19 21:24:44 GMT 2004 

On Fri, 2004-02-20 at 02:01, Lin Li wrote:
> Lin Li wrote:
> 
> > In fact I have logged a bug (#704) for this. It's doing 
> > ads_try_connect(). My solution is to use ldap_init() instead of 
> > ldap_open() and set a small timeout using ldap_set_option(). Here is 
> > my patch (I'm using 3.0.0) and it works in my test.
> > -------------------------------------
> > +       struct timeval timeout;
> >
> >        if (!server || !*server) {
> >                return False;
> > @@ -58,11 +59,15 @@
> >        /* this copes with inet_ntoa brokenness */
> >        srv = strdup(server);
> >
> > -       ads->ld = ldap_open(srv, port);
> > +       ads->ld = ldap_init(srv, port);
> >        if (!ads->ld) {
> >                free(srv);
> >                return False;
> >        }
> > +
> > +       timeout.tv_sec = 15;
> > +       timeout.tv_usec = 0;
> > +       ldap_set_option(ads->ld, LDAP_OPT_NETWORK_TIMEOUT, &timeout);
> >        ads->ldap_port = port;
> >        ads->ldap_ip = *interpret_addr2(srv);
> >        free(srv);
> > -------------------------------------
> >
> > Thanks,
> > Lin
> >
> Sorry, the patch is for source/libads/ldap.c

Unfortunetly, there is a problem with that patch.

The issue is that making the connect() to the remote LDAP server is put
off until the first LDAP operation.  The current code paths assume that
if ldap_open() suceeds, then at least the remote sever is there...

So, we need to at least 'ping' the remote server in some way, before we
can say 'we connected'.  I would suggest this means calling
ads_server_info() inside ads_try_connect() and ads_try_connect_uri(). 
These functions should also return ADS_STATUS, and be correctly modified
to return something useful (that ads_find_dc() can use) when the remote
server just isn't there.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20040220/8874ad62/attachment.bin

More information about the samba-technical mailing list