diff --git a/application/forms/Config/Resource/LdapResourceForm.php b/application/forms/Config/Resource/LdapResourceForm.php index 305875f6d..9ae935d73 100644 --- a/application/forms/Config/Resource/LdapResourceForm.php +++ b/application/forms/Config/Resource/LdapResourceForm.php @@ -144,6 +144,17 @@ class LdapResourceForm extends Form ) ); + $this->addElement( + 'number', + 'timeout', + array( + 'preserveDefault' => true, + 'label' => $this->translate('Timeout'), + 'description' => $this->translate('Connection timeout for every LDAP connection'), + 'value' => 5 // see LdapConnection::__construct() + ) + ); + return $this; } } diff --git a/library/Icinga/Protocol/Ldap/LdapConnection.php b/library/Icinga/Protocol/Ldap/LdapConnection.php index 5290894b3..dd6c9b161 100644 --- a/library/Icinga/Protocol/Ldap/LdapConnection.php +++ b/library/Icinga/Protocol/Ldap/LdapConnection.php @@ -139,6 +139,13 @@ class LdapConnection implements Selectable, Inspectable */ protected $root; + /** + * LDAP_OPT_NETWORK_TIMEOUT for the LDAP connection + * + * @var int + */ + protected $timeout; + /** * The properties and capabilities of the LDAP server * @@ -178,7 +185,8 @@ class LdapConnection implements Selectable, Inspectable $this->bindDn = $config->bind_dn; $this->bindPw = $config->bind_pw; $this->rootDn = $config->root_dn; - $this->port = $config->get('port', 389); + $this->port = (int) $config->get('port', 389); + $this->timeout = (int) $config->get('timeout', 5); $this->encryption = $config->encryption; if ($this->encryption !== null) { 
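Review bot: The new `timeout` element in LdapResourceForm has no lower bound and is not required, so an empty, zero or negative value can be saved, and the constructor hunk in LdapConnection.php reads it with `(int) $config->get('timeout', 5)` without any range check. An empty string becomes 0 after the cast, and as far as I know libldap gives zero and negative network timeouts special meanings (a negative value is commonly "no timeout"), so a typo in the resource config can leave logins against this directory either failing at once or hanging on an unreachable server. I would clamp the value where it is read, `$this->timeout = max(1, (int) $config->get('timeout', 5));`, and also give the form element a minimum if the number element supports one. The description should name the unit as well, e.g. `'Connection timeout in seconds for every LDAP connection'`.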
@@ -1190,6 +1198,9 @@ class LdapConnection implements Selectable, Inspectable $ds = ldap_connect($hostname, $this->port); + // Set a proper timeout for each connection + ldap_set_option($ds, LDAP_OPT_NETWORK_TIMEOUT, $this->timeout); + // Usage of ldap_rename, setting LDAP_OPT_REFERRALS to 0 or using STARTTLS requires LDAPv3. // If this does not work we're probably not in a PHP 5.3+ environment as it is VERY // unlikely that the server complains about it by itself prior to a bind request
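Review bot: The result of `ldap_set_option($ds, LDAP_OPT_NETWORK_TIMEOUT, $this->timeout)` is discarded, so if the option cannot be set the connection silently keeps whatever the library or ldap.conf default is, and a request against an unreachable LDAP server can still block. Check the result and record the failure, e.g. `if (! ldap_set_option($ds, LDAP_OPT_NETWORK_TIMEOUT, $this->timeout)) { /* log that the timeout was not applied */ }`. The comment `// Set a proper timeout for each connection` would be more useful if it said that, to my understanding, this option bounds only the connect/network wait and not the duration of a bind or search, which needs its own limit. The enclosing method starts and ends outside the hunk, so it is not visible whether `$ds` is validated before this call.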