keystone/releasenotes/notes/bug-1636950-8fa1a47fce440977.yaml
Kam Nasim 2d239cfbc3 Set connection timeout for LDAP configuration
Presently the Identity LDAP driver does not set a connection timeout
option which has the disadvantage of causing the Identity LDAP backend
handler to stall indefinitely (or until TCP timeout) on LDAP bind, if
a) the LDAP URL is incorrect, or b) there is a connection failure/link
loss.

This commit adds a new option to set the LDAP connection timeout to
set a new OPT_NETWORK_TIMEOUT option on the LDAP object. This will
raise ldap.SERVER_DOWN exceptions on timeout.

Signed-off-by: Kam Nasim <kam.nasim@windriver.com>

Closes-Bug: #1636950
Change-Id: I574e6368169ad60bef2cc990d2d410a638d1b770
2017-01-11 23:50:38 +00:00

11 lines
512 B
YAML

---
fixes:
  - >
    [`bug 1636950 <https://bugs.launchpad.net/keystone/+bug/1636950>`_]
    New option ``[ldap] connection_timeout`` allows a deployer to set an
    ``OPT_NETWORK_TIMEOUT`` value to use with the LDAP server.
    This allows the LDAP server to return a ``SERVER_DOWN`` exception,
    if the LDAP URL is incorrect or if there is a connection failure. By default,
    the value for ``[ldap] connection_timeout`` is -1, meaning it is disabled.
    Set a positive value (in seconds) to enable the option.
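
A deployer-side check for the option described in this release note, as an added example that is not part of keystone or of this commit: it reads the text of a keystone.conf and reports whether ``[ldap] connection_timeout`` is enabled. The function name, the status strings and the sample file are constructed for illustration; treating the value as an integer number of seconds, with any non-positive value meaning disabled, is an assumption drawn from the note's wording.

```python
import configparser

DEFAULT_TIMEOUT = -1  # default stated in the release note: disabled


def audit_ldap_timeout(conf_text):
    """Return (status, detail) for [ldap] connection_timeout (hypothetical helper).

    status is one of:
      "not-applicable"  no [ldap] section in this file
      "disabled"        option absent or not positive; a bind can stall
      "enabled"         positive number of seconds
      "invalid"         value is not an integer
    """
    # default_section is renamed so values under [DEFAULT] are not silently
    # inherited by [ldap]; interpolation is off so '%' stays literal.
    parser = configparser.ConfigParser(
        interpolation=None, strict=False, default_section="__unused__")
    parser.read_string(conf_text)
    if not parser.has_section("ldap"):
        return ("not-applicable", "no [ldap] section")
    raw = parser.get("ldap", "connection_timeout",
                     fallback=str(DEFAULT_TIMEOUT))
    try:
        seconds = int(raw.strip())
    except ValueError:
        return ("invalid", "connection_timeout=%r is not an integer" % raw)
    if seconds > 0:
        return ("enabled", "network timeout of %d s" % seconds)
    return ("disabled", "connection_timeout=%d, no network timeout" % seconds)


# Constructed sample configuration, not taken from a real deployment.
SAMPLE_CONF = """
[identity]
driver = ldap

[ldap]
url = ldap://ldap.example.test
connection_timeout = 5
"""

if __name__ == "__main__":
    print(audit_ldap_timeout(SAMPLE_CONF))
```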