-rw-r--r-- | src/etc/inc/auth.inc | 12 | ||||
-rw-r--r-- | src/usr/local/www/system_authservers.php | 22 |
2 files changed, 32 insertions, 2 deletions
diff --git a/src/etc/inc/auth.inc b/src/etc/inc/auth.inc
index 0668493..23dcab7 100644
--- a/src/etc/inc/auth.inc
+++ b/src/etc/inc/auth.inc
@@ -830,6 +830,7 @@ function ldap_test_bind($authcfg) {
 $ldapbindun = $authcfg['ldap_binddn'];
 $ldapbindpw = $authcfg['ldap_bindpw'];
 $ldapver = $authcfg['ldap_protver'];
+ $ldaptimeout = is_numeric($authcfg['ldap_timeout']) ? $authcfg['ldap_timeout'] : 25;
 if (empty($ldapbndun) || empty($ldapbindpw)) {
 $ldapanon = true;
 } else {
@@ -861,6 +862,8 @@ function ldap_test_bind($authcfg) {
 ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
 ldap_set_option($ldap, LDAP_OPT_DEREF, LDAP_DEREF_SEARCHING);
 ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, (int)$ldapver);
+ ldap_set_option($ldap, LDAP_OPT_TIMELIMIT, (int)$ldaptimeout);
+ ldap_set_option($ldap, LDAP_OPT_NETWORK_TIMEOUT, (int)$ldaptimeout);
 $ldapbindun = isset($authcfg['ldap_utf8']) ? utf8_encode($ldapbindun) : $ldapbindun;
 $ldapbindpw = isset($authcfg['ldap_utf8']) ? utf8_encode($ldapbindpw) : $ldapbindpw;
@@ -911,6 +914,7 @@ function ldap_get_user_ous($show_complete_ou=true, $authcfg) {
 $ldapname = $authcfg['name'];
 $ldapfallback = false;
 $ldapscope = $authcfg['ldap_scope'];
+ $ldaptimeout = is_numeric($authcfg['ldap_timeout']) ? $authcfg['ldap_timeout'] : 25;
 } else {
 return false;
 }
@@ -940,6 +944,8 @@ function ldap_get_user_ous($show_complete_ou=true, $authcfg) {
 ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
 ldap_set_option($ldap, LDAP_OPT_DEREF, LDAP_DEREF_SEARCHING);
 ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, (int)$ldapver);
+ ldap_set_option($ldap, LDAP_OPT_TIMELIMIT, (int)$ldaptimeout);
+ ldap_set_option($ldap, LDAP_OPT_NETWORK_TIMEOUT, (int)$ldaptimeout);
 $ldapbindun = isset($authcfg['ldap_utf8']) ? utf8_encode($ldapbindun) : $ldapbindun;
 $ldapbindpw = isset($authcfg['ldap_utf8']) ? utf8_encode($ldapbindpw) : $ldapbindpw;
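Review bot: The `is_numeric()` guard on the new `$ldaptimeout` line in ldap_test_bind accepts values such as `0`, `-5` or `0.5`, and the later `(int)` cast turns the fractional ones into 0, so a stored value can reach `ldap_set_option()` as zero or negative; for `LDAP_OPT_TIMELIMIT` zero normally means no limit, which would defeat the setting on the authentication path. Normalising once, e.g. `$ldaptimeout = (is_numeric($authcfg['ldap_timeout']) && (int)$authcfg['ldap_timeout'] > 0) ? (int)$authcfg['ldap_timeout'] : 25;`, closes that. The same line is repeated in the hunks for ldap_get_user_ous, ldap_get_groups and ldap_backed, so a small shared helper holding the default of 25 would keep them in step. Separately, the context line `empty($ldapbndun)` looks like a misspelling of `$ldapbindun`, which would make this function always take the anonymous branch; it predates this change but is worth confirming. The function body continues outside the hunk.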
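Review bot: `LDAP_OPT_TIMELIMIT` on the first added line is the time limit the server is asked to apply to a search, not a client-side wait, so a directory server that accepts the connection and then stalls during bind or search is probably not bounded by either new option. If the PHP/OpenLDAP build in use supports it, adding `ldap_set_option($ldap, LDAP_OPT_TIMEOUT, (int)$ldaptimeout);` next to the two new calls would cap synchronous calls as well. The return value of `ldap_set_option()` is also ignored, so a rejected option goes unnoticed; logging a failure would make a misapplied timeout visible. The same pair of calls is added in the ldap_get_user_ous, ldap_get_groups and ldap_backed hunks, and a short comment there stating which phase each option covers would help, since login availability depends on it.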
@@ -1037,6 +1043,7 @@ function ldap_get_groups($username, $authcfg) {
 $ldapname = $authcfg['name'];
 $ldapfallback = false;
 $ldapscope = $authcfg['ldap_scope'];
+ $ldaptimeout = is_numeric($authcfg['ldap_timeout']) ? $authcfg['ldap_timeout'] : 25;
 } else {
 return false;
 }
@@ -1064,6 +1071,8 @@ function ldap_get_groups($username, $authcfg) {
 ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
 ldap_set_option($ldap, LDAP_OPT_DEREF, LDAP_DEREF_SEARCHING);
 ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, (int)$ldapver);
+ ldap_set_option($ldap, LDAP_OPT_TIMELIMIT, (int)$ldaptimeout);
+ ldap_set_option($ldap, LDAP_OPT_NETWORK_TIMEOUT, (int)$ldaptimeout);
 /* bind as user that has rights to read group attributes */
 $ldapbindun = isset($authcfg['ldap_utf8']) ? utf8_encode($ldapbindun) : $ldapbindun;
@@ -1172,6 +1181,7 @@ function ldap_backed($username, $passwd, $authcfg) {
 $ldapver = $authcfg['ldap_protver'];
 $ldapname = $authcfg['name'];
 $ldapscope = $authcfg['ldap_scope'];
+ $ldaptimeout = is_numeric($authcfg['ldap_timeout']) ? $authcfg['ldap_timeout'] : 25;
 } else {
 return false;
 }
@@ -1194,6 +1204,8 @@ function ldap_backed($username, $passwd, $authcfg) {
 ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
 ldap_set_option($ldap, LDAP_OPT_DEREF, LDAP_DEREF_SEARCHING);
 ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, (int)$ldapver);
+ ldap_set_option($ldap, LDAP_OPT_TIMELIMIT, (int)$ldaptimeout);
+ ldap_set_option($ldap, LDAP_OPT_NETWORK_TIMEOUT, (int)$ldaptimeout);
 /* Make sure we can connect to LDAP */
 $error = false;
diff --git a/src/usr/local/www/system_authservers.php b/src/usr/local/www/system_authservers.php
index 6f35451..1bf47ea 100644
--- a/src/usr/local/www/system_authservers.php
+++ b/src/usr/local/www/system_authservers.php
@@ -130,6 +130,7 @@ if ($act == "edit") {
 $pconfig['ldap_caref'] = $a_server[$id]['ldap_caref'];
 $pconfig['ldap_host'] = $a_server[$id]['host'];
 $pconfig['ldap_port'] = $a_server[$id]['ldap_port'];
+ $pconfig['ldap_timeout'] = $a_server[$id]['ldap_timeout'];
 $pconfig['ldap_urltype'] = $a_server[$id]['ldap_urltype'];
 $pconfig['ldap_protver'] = $a_server[$id]['ldap_protver'];
 $pconfig['ldap_scope'] = $a_server[$id]['ldap_scope'];
@@ -255,8 +256,11 @@ if ($_POST) {
 $input_errors[] = gettext("An authentication server with the same name already exists.");
 }
- if (($pconfig['type'] == "radius") && isset($_POST['radius_timeout']) && !empty($_POST['radius_timeout']) && (!is_numeric($_POST['radius_timeout']) || (is_numeric($_POST['radius_timeout']) && ($_POST['radius_timeout'] <= 0)))) {
- $input_errors[] = gettext("RADIUS Timeout value must be numeric and positive.");
+ if (($pconfig['type'] == "ldap") || ($pconfig['type'] == "radius")) {
+ $to_field = "{$pconfig['type']}_timeout";
+ if (isset($_POST[$to_field]) && !empty($_POST[$to_field]) && (!is_numeric($_POST[$to_field]) || (is_numeric($_POST[$to_field]) && ($_POST[$to_field] <= 0)))) {
+ $input_errors[] = sprintf(gettext("%s Timeout value must be numeric and positive."), strtoupper($pconfig['type']));
+ }
 }
 /* if this is an AJAX caller then handle via JSON */
@@ -311,6 +315,12 @@ if ($_POST) {
 unset($server['ldap_binddn']);
 unset($server['ldap_bindpw']);
 }
+
+ if ($pconfig['ldap_timeout']) {
+ $server['ldap_timeout'] = $pconfig['ldap_timeout'];
+ } else {
+ $server['ldap_timeout'] = 25;
+ }
 }
 if ($server['type'] == "radius") {
@@ -503,6 +513,14 @@ $section->addInput(new Form_Select(
 array_combine($ldap_protvers, $ldap_protvers)
 ));
+$section->addInput(new Form_Input(
+ 'ldap_timeout',
+ 'Server Timeout',
+ 'number',
+ $pconfig['ldap_timeout'],
+ ['placeholder' => 25]
+))->setHelp('Timeout for LDAP operations (seconds)');
+
 $group = new Form_Group('Search scope');
 $SSF = new Form_Select(
|
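Review bot: The rewritten timeout check in the `@@ -255` hunk still relies on `is_numeric()`, so inputs like `0.5` or `1e3` pass as "numeric and positive" even though the LDAP consumers in auth.inc cast the value with `(int)`; `0.5` would be saved and later applied as 0. Requiring a whole number of seconds, for example using `filter_var($_POST[$to_field], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]) === false` as the rejection condition, and storing `(int)$pconfig['ldap_timeout']` in the save hunk (`@@ -311`) would keep the stored config and the runtime value in agreement. Because of the `!empty()` test, an entered `0` skips validation and is then silently replaced by 25 in the save hunk, which may surprise an administrator. An upper bound is also worth considering, since this value sets how long a login can block on an unresponsive server.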