There are some occasions where my LDAP server is not responding at all or not fast enough. The server still responds well to ping but not to LDAP connections. The ldap_connect hangs there forever (until my PHP script times out). I have a duplicate password database to which I wish to switch in the event the LDAP server is down.

Is there any possibility to set a timeout for ldap_connect statement? So that after certain seconds without LDAP response I can switch to database for authentication?

    I'm not sure about a timeout, but how are you connecting to the server via LDAP? Hostname, or IP?

    Tony Brady
    04-Nov-2005 02:53
    I don't know why but on my server I am not able to connect successfully to my LDAP server unless I use the IP address of the LDAP server, rather than the hostname. So this DOESN'T work:

    <?php
    $ldapconn = ldap_connect('ldap.example.com');
    ?>

    whereas this does work:

    <?php
    $ip = gethostbyname('ldap.example.com');
    $ldapconn = ldap_connect($ip);
    ?>

    Of course you don't know it hasn't worked until you try to bind to the server and query it.

      I use server name, not IP address. It works for ping, so domain name resolving is ok I guess. Will it make a difference still?

      It just hangs at the ldap_connect as though waiting for the answer.

      if( ($username <> "") && ($password <> "") ){
          $alive = false;
          $ldap = false;
          $server = 'myserver.mydomain.com';
          // Check connection for 1 sec
          $script = 'ping -w 1 '.$server.' >> /dev/null ; echo $?';
          $out = array(); // exec() appends to $out, so start with an empty array
          exec("$script 2>&1", $out);
          if ($out[0] == '0') {
              $alive = true;
          }
          // Check connection for 5 sec
          if (!$alive) {
              $script = 'ping -w 1 '.$server.' >> /dev/null ; echo $?';
              $out = array(); // reset, otherwise $out[0] is still the first ping's result
              exec("$script 2>&1", $out);
              if ($out[0] == '0') {
                  $alive = true;
              }
          }

          if ($alive) {
              $ldap = @ldap_connect($server);
          }
          if($alive && $ldap){
              if(@ldap_bind($ldap, $username, $password)){
                  // ...
              }
          }
      }

        Well, it adds one step (DNS)... try using IP address if you can. See if that helps any.

          I've added that into my code. It's difficult for me to test as the problem appears once in a while only.

          I do not want to hard code the IP, so I use gethostbyname. I am not sure I will be gaining any speed here over the DNS. And it's not my DNS server that fails as the LDAP server responds to my PING.
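
One way to get the timeout and fallback asked about in this thread, as an added example that is not code from any of the posters: probe the LDAP port with a bounded connect, set `LDAP_OPT_NETWORK_TIMEOUT` before binding, and use the duplicate password database only when the server is unreachable, never when it rejects the credentials. The function names, the `$dbCheck` callable, port 389 and the assumption that PHP's ldap extension is built on OpenLDAP's libldap are all assumptions of this example.

```php
<?php
// Added example, not from the thread. Function names, host and port are assumptions.

/**
 * Returns true if the bind succeeds, false if the server rejects it,
 * and null if the server could not be reached within $timeout seconds.
 */
function ldap_try_bind(string $host, string $dn, string $password, int $timeout = 3, int $port = 389): ?bool
{
    // An empty password makes the bind anonymous, which servers may accept.
    if ($dn === '' || $password === '') {
        return false;
    }
    // Probe the LDAP port itself: ping only proves the host is up.
    $sock = @fsockopen($host, $port, $errno, $errstr, $timeout);
    if ($sock === false) {
        return null;
    }
    fclose($sock);

    $ldap = ldap_connect("ldap://$host:$port");
    if ($ldap === false) {
        return null;
    }
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    // Bounds the network connect that actually happens inside ldap_bind().
    ldap_set_option($ldap, LDAP_OPT_NETWORK_TIMEOUT, $timeout);

    $ok  = @ldap_bind($ldap, $dn, $password);
    $err = ldap_errno($ldap);
    ldap_unbind($ldap);
    if ($ok) {
        return true;
    }
    // With OpenLDAP's libldap, negative codes are client-side failures
    // (-1 is "Can't contact LDAP server"); 49 is invalid credentials.
    return $err < 0 ? null : false;
}

/** Uses $dbCheck (the duplicate password database) only when LDAP is unreachable. */
function authenticate(string $host, string $dn, string $password, callable $dbCheck): bool
{
    $result = ldap_try_bind($host, $dn, $password);
    if ($result === null) {
        return (bool) $dbCheck($dn, $password); // fallback path
    }
    return $result; // LDAP answered: its verdict is final
}
```

Logging every pass through the fallback path makes it visible when authentication decisions are being made by the duplicate database rather than the directory.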
