-rw-r--r--src/etc/inc/auth.inc12
-rw-r--r--src/usr/local/www/system_authservers.php22
2 files changed, 32 insertions, 2 deletions
diff --git a/src/etc/inc/auth.inc b/src/etc/inc/auth.inc
index 0668493..23dcab7 100644
--- a/src/etc/inc/auth.inc
+++ b/src/etc/inc/auth.inc
@@ -830,6 +830,7 @@ function ldap_test_bind($authcfg) {
$ldapbindun = $authcfg['ldap_binddn'];
$ldapbindpw = $authcfg['ldap_bindpw'];
$ldapver = $authcfg['ldap_protver'];
+ $ldaptimeout = is_numeric($authcfg['ldap_timeout']) ? $authcfg['ldap_timeout'] : 25;
if (empty($ldapbndun) || empty($ldapbindpw)) {
$ldapanon = true;
} else {
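Review bot: The new `$ldaptimeout` line accepts any numeric string, so a stored value such as `0`, `-5` or `0.5` passes `is_numeric()` and the later `(int)` cast turns it into zero or a negative number; for `LDAP_OPT_TIMELIMIT` zero means no limit, which removes the bound this change is meant to put on the authentication path. Clamping where the config is read holds no matter how the value reached the config: `$ldaptimeout = (is_numeric($authcfg['ldap_timeout']) && (int)$authcfg['ldap_timeout'] > 0) ? (int)$authcfg['ldap_timeout'] : 25;`. The same line is added to ldap_get_user_ous, ldap_get_groups and ldap_backed, so a small shared helper would keep the check and the default of 25 in one place. Separately, the context line `empty($ldapbndun)` looks like a misspelling of `$ldapbindun`, which would make this test always take the anonymous branch. The body of ldap_test_bind continues outside the hunk.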
@@ -861,6 +862,8 @@ function ldap_test_bind($authcfg) {
ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
ldap_set_option($ldap, LDAP_OPT_DEREF, LDAP_DEREF_SEARCHING);
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, (int)$ldapver);
+ ldap_set_option($ldap, LDAP_OPT_TIMELIMIT, (int)$ldaptimeout);
+ ldap_set_option($ldap, LDAP_OPT_NETWORK_TIMEOUT, (int)$ldaptimeout);
$ldapbindun = isset($authcfg['ldap_utf8']) ? utf8_encode($ldapbindun) : $ldapbindun;
$ldapbindpw = isset($authcfg['ldap_utf8']) ? utf8_encode($ldapbindpw) : $ldapbindpw;
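Review bot: The two options set here bound different things and neither is documented: `LDAP_OPT_TIMELIMIT` is a limit the server is asked to apply to a search, while `LDAP_OPT_NETWORK_TIMEOUT` bounds the client's connection attempt. A server that accepts the connection and then stalls may be covered by neither, so it is worth confirming whether the login path also needs a client-side result timeout. I would add a comment above the pair, e.g. `/* TIMELIMIT: server-side search limit; NETWORK_TIMEOUT: client connect timeout */`, and check the return value of `ldap_set_option()` so a rejected option is logged rather than silently ignored. The same pair is added in ldap_get_user_ous, ldap_get_groups and ldap_backed.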
@@ -911,6 +914,7 @@ function ldap_get_user_ous($show_complete_ou=true, $authcfg) {
$ldapname = $authcfg['name'];
$ldapfallback = false;
$ldapscope = $authcfg['ldap_scope'];
+ $ldaptimeout = is_numeric($authcfg['ldap_timeout']) ? $authcfg['ldap_timeout'] : 25;
} else {
return false;
}
@@ -940,6 +944,8 @@ function ldap_get_user_ous($show_complete_ou=true, $authcfg) {
ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
ldap_set_option($ldap, LDAP_OPT_DEREF, LDAP_DEREF_SEARCHING);
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, (int)$ldapver);
+ ldap_set_option($ldap, LDAP_OPT_TIMELIMIT, (int)$ldaptimeout);
+ ldap_set_option($ldap, LDAP_OPT_NETWORK_TIMEOUT, (int)$ldaptimeout);
$ldapbindun = isset($authcfg['ldap_utf8']) ? utf8_encode($ldapbindun) : $ldapbindun;
$ldapbindpw = isset($authcfg['ldap_utf8']) ? utf8_encode($ldapbindpw) : $ldapbindpw;
@@ -1037,6 +1043,7 @@ function ldap_get_groups($username, $authcfg) {
$ldapname = $authcfg['name'];
$ldapfallback = false;
$ldapscope = $authcfg['ldap_scope'];
+ $ldaptimeout = is_numeric($authcfg['ldap_timeout']) ? $authcfg['ldap_timeout'] : 25;
} else {
return false;
}
@@ -1064,6 +1071,8 @@ function ldap_get_groups($username, $authcfg) {
ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
ldap_set_option($ldap, LDAP_OPT_DEREF, LDAP_DEREF_SEARCHING);
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, (int)$ldapver);
+ ldap_set_option($ldap, LDAP_OPT_TIMELIMIT, (int)$ldaptimeout);
+ ldap_set_option($ldap, LDAP_OPT_NETWORK_TIMEOUT, (int)$ldaptimeout);
/* bind as user that has rights to read group attributes */
$ldapbindun = isset($authcfg['ldap_utf8']) ? utf8_encode($ldapbindun) : $ldapbindun;
@@ -1172,6 +1181,7 @@ function ldap_backed($username, $passwd, $authcfg) {
$ldapver = $authcfg['ldap_protver'];
$ldapname = $authcfg['name'];
$ldapscope = $authcfg['ldap_scope'];
+ $ldaptimeout = is_numeric($authcfg['ldap_timeout']) ? $authcfg['ldap_timeout'] : 25;
} else {
return false;
}
@@ -1194,6 +1204,8 @@ function ldap_backed($username, $passwd, $authcfg) {
ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
ldap_set_option($ldap, LDAP_OPT_DEREF, LDAP_DEREF_SEARCHING);
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, (int)$ldapver);
+ ldap_set_option($ldap, LDAP_OPT_TIMELIMIT, (int)$ldaptimeout);
+ ldap_set_option($ldap, LDAP_OPT_NETWORK_TIMEOUT, (int)$ldaptimeout);
/* Make sure we can connect to LDAP */
$error = false;
diff --git a/src/usr/local/www/system_authservers.php b/src/usr/local/www/system_authservers.php
index 6f35451..1bf47ea 100644
--- a/src/usr/local/www/system_authservers.php
+++ b/src/usr/local/www/system_authservers.php
@@ -130,6 +130,7 @@ if ($act == "edit") {
$pconfig['ldap_caref'] = $a_server[$id]['ldap_caref'];
$pconfig['ldap_host'] = $a_server[$id]['host'];
$pconfig['ldap_port'] = $a_server[$id]['ldap_port'];
+ $pconfig['ldap_timeout'] = $a_server[$id]['ldap_timeout'];
$pconfig['ldap_urltype'] = $a_server[$id]['ldap_urltype'];
$pconfig['ldap_protver'] = $a_server[$id]['ldap_protver'];
$pconfig['ldap_scope'] = $a_server[$id]['ldap_scope'];
@@ -255,8 +256,11 @@ if ($_POST) {
$input_errors[] = gettext("An authentication server with the same name already exists.");
}
- if (($pconfig['type'] == "radius") && isset($_POST['radius_timeout']) && !empty($_POST['radius_timeout']) && (!is_numeric($_POST['radius_timeout']) || (is_numeric($_POST['radius_timeout']) && ($_POST['radius_timeout'] <= 0)))) {
- $input_errors[] = gettext("RADIUS Timeout value must be numeric and positive.");
+ if (($pconfig['type'] == "ldap") || ($pconfig['type'] == "radius")) {
+ $to_field = "{$pconfig['type']}_timeout";
+ if (isset($_POST[$to_field]) && !empty($_POST[$to_field]) && (!is_numeric($_POST[$to_field]) || (is_numeric($_POST[$to_field]) && ($_POST[$to_field] <= 0)))) {
+ $input_errors[] = sprintf(gettext("%s Timeout value must be numeric and positive."), strtoupper($pconfig['type']));
+ }
}
/* if this is an AJAX caller then handle via JSON */
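Review bot: The timeout check still lets non-integer input through: `is_numeric()` accepts strings such as `0.5` or `1e2`, and `0.5` compares greater than zero here but becomes 0 under the `(int)` cast applied in auth.inc. If the posted string is stored unchanged, that gives an LDAP time limit of zero, which means no limit. An integer check with a lower bound is tighter and drops the redundant second `is_numeric()`: `if (!empty($_POST[$to_field]) && filter_var($_POST[$to_field], FILTER_VALIDATE_INT, array('options' => array('min_range' => 1))) === false) {`. A sensible upper bound could go in the same options array as `max_range`. The enclosing `if ($_POST)` block starts and ends outside the hunk.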
@@ -311,6 +315,12 @@ if ($_POST) {
unset($server['ldap_binddn']);
unset($server['ldap_bindpw']);
}
+
+ if ($pconfig['ldap_timeout']) {
+ $server['ldap_timeout'] = $pconfig['ldap_timeout'];
+ } else {
+ $server['ldap_timeout'] = 25;
+ }
}
if ($server['type'] == "radius") {
@@ -503,6 +513,14 @@ $section->addInput(new Form_Select(
array_combine($ldap_protvers, $ldap_protvers)
));
+$section->addInput(new Form_Input(
+ 'ldap_timeout',
+ 'Server Timeout',
+ 'number',
+ $pconfig['ldap_timeout'],
+ ['placeholder' => 25]
+))->setHelp('Timeout for LDAP operations (seconds)');
+
$group = new Form_Group('Search scope');
$SSF = new Form_Select(