From 3f782460dc72f20ad7d3dff94914eee4d3d50114 Mon Sep 17 00:00:00 2001
From: Markus Frosch
Date: Tue, 16 Oct 2018 14:35:50 +0200
Subject: [PATCH] LdapConnection: Add timeout setting with a useful default value
---
 .../forms/Config/Resource/LdapResourceForm.php | 11 +++++++++++
 library/Icinga/Protocol/Ldap/LdapConnection.php | 11 +++++++++++
 2 files changed, 22 insertions(+)
diff --git a/application/forms/Config/Resource/LdapResourceForm.php b/application/forms/Config/Resource/LdapResourceForm.php
index 305875f6d..9ae935d73 100644
--- a/application/forms/Config/Resource/LdapResourceForm.php
+++ b/application/forms/Config/Resource/LdapResourceForm.php
@@ -144,6 +144,17 @@ class LdapResourceForm extends Form
 )
 );
 
+ $this->addElement(
+ 'number',
+ 'timeout',
+ array(
+ 'preserveDefault' => true,
+ 'label' => $this->translate('Timeout'),
+ 'description' => $this->translate('Connection timeout for every LDAP connection'),
+ 'value' => 5 // see LdapConnection::__construct()
+ )
+ );
+
 return $this;
 }
 }
diff --git a/library/Icinga/Protocol/Ldap/LdapConnection.php b/library/Icinga/Protocol/Ldap/LdapConnection.php
index 5290894b3..c009fe62a 100644
--- a/library/Icinga/Protocol/Ldap/LdapConnection.php
+++ b/library/Icinga/Protocol/Ldap/LdapConnection.php
@@ -139,6 +139,13 @@ class LdapConnection implements Selectable, Inspectable
 */
 protected $root;
 
+ /**
+ * LDAP_OPT_NETWORK_TIMEOUT for the LDAP connection
+ *
+ * @var int
+ */
+ protected $timeout;
+
 /**
 * The properties and capabilities of the LDAP server
 *
@@ -179,6 +186,7 @@ class LdapConnection implements Selectable, Inspectable
 $this->bindPw = $config->bind_pw;
 $this->rootDn = $config->root_dn;
 $this->port = $config->get('port', 389);
+ $this->timeout = $config->get('timeout', 5);
 
 $this->encryption = $config->encryption;
 if ($this->encryption !== null) {
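Review bot: The new `timeout` element in LdapResourceForm accepts any number, including an empty, zero or negative value, and the constructor hunk in LdapConnection.php stores whatever `$config->get('timeout', 5)` returns without a cast, although the property is documented as `@var int`. How the LDAP client library treats a non-positive network timeout is library-specific and may amount to no limit at all, which would bring back the hang on an unreachable directory that this setting is meant to prevent. I would add `'min' => 1` to the element options (assuming the form's number element honours it) and read the value as `$this->timeout = max(1, (int) $config->get('timeout', 5));`. The description should also name the unit, e.g. `'Connection timeout in seconds for every LDAP connection'`. Both enclosing methods start outside their hunks.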
@@ -1190,6 +1198,9 @@ class LdapConnection implements Selectable, Inspectable
 
 $ds = ldap_connect($hostname, $this->port);
 
+ // Set a proper timeout for each connection
+ ldap_set_option($ds, LDAP_OPT_NETWORK_TIMEOUT, $this->timeout);
+
 // Usage of ldap_rename, setting LDAP_OPT_REFERRALS to 0 or using STARTTLS requires LDAPv3.
 // If this does not work we're probably not in a PHP 5.3+ environment as it is VERY
 // unlikely that the server complains about it by itself prior to a bind request
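Review bot: The result of `ldap_set_option($ds, LDAP_OPT_NETWORK_TIMEOUT, $this->timeout)` is discarded, so if the option cannot be applied the connection silently proceeds without any timeout. Checking the return value and logging a warning would make that visible, e.g. `if (! ldap_set_option($ds, LDAP_OPT_NETWORK_TIMEOUT, $this->timeout)) { /* log that the timeout could not be set */ }`. The comment `// Set a proper timeout for each connection` could also state that the value is in seconds and, as far as I know, only bounds network-level waits such as connection establishment, so a slow search is not covered by it. The enclosing method starts and ends outside the hunk.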