tac_plus: Timeout for non-responding ldap-servers

Question

tac_plus: Timeout for non-responding ldap-servers

mboehm21 opened this issue a year ago · 1 comments

We are using tac_plus with two defined ldap-servers:

        mavis module = external {
                setenv LDAP_SERVER_TYPE = "openldap"
                setenv LDAP_HOSTS = "ldap1 ldap2"
...
                exec = /usr/local/lib/mavis/mavis_tacplus_ldap.pl
        }

How can we configure the timeout for tac_plus to try the second server when the first one is unreachable? The default seems too long for the routers to wait.

Thanks a lot.

Answer 1 · 2023-04-26T13:54:49.000Z

Hi,

setenv LDAP_CONNECT_TIMEOUT = 1

should work. Default is 5 seconds (which is arguably too large).

Cheers,

Marc