Net::LDAPS and timeouts

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hi,

I am running Net::LDAP v 0.25 on Solaris and Linux, and both platforms
experience the same timeout issue.

If I use
 use Net::LDAPS;
 print scalar(localtime(time)),qq{\n};
 $ld=new Net::LDAPS('ldap.slb.com',version=>3,timeout=>10);
 print scalar(localtime(time)),qq{\n};

then I see results like
 Thu Apr 25 13:47:54 2002
 Thu Apr 25 13:52:52 2002
or even worse, in that the connection can take hours to
complete.

I know that the LDAPS portion of the LDAP server can get itself into
an odd state, whereby there is something listening to requests on port
636, but that clients cannot fully connect.  If the server is
restarted, the Net::LDAPS connection completes as expected.  I have
code in a crontab, that is measuring the time taken to establish a
connection, do a lookup, and closing the connection, i.e.

 use Time::HiRes qw(gettimeofday tv_interval);
 use Net::LDAPS;
 $t0=[gettimeofday];  # reset to clock
 unless ($ldap = new Net::LDAPS('ldap.slb.com',version=>3)) {
   die "LDAPS Connection to ldap.slb.com failed!";
 }
 $mesg = $ldap->search (  # perform a search
                       base   => "cn=monitor",
                       filter => "objectclass=*",
                       scope => "base",
                       attrs => [ 'currentconnections',
                                  'totalconnections',
                                  'opscompleted',
                                  'currenttime',
                                  'starttime',
                                  'masterleafentries',
                                  'version'
                                ]
                           );
 if ($mesg->code) {
   die "Error:  Unable to search -- ".$mesg->error;
 }

 my $entry = $mesg->entry(0);
 foreach my $attr ($entry->attributes) {
   $Data{$attr}=$entry->get_value($attr);
 }
 $ldap->unbind;
 printf "LDAP operation took %d ms\n",
        tv_interval($t0)*1000;

and can see the reported response time of 9281657ms (i.e. 154
minutes). 

The LDAP server (IDDS 4.5.3) shows details like
 20020408174507Z 17145 (8616) conn=6604249 fd=151 connection from unknown (134.32.101.5)
 20020408201948Z 17145 (8613) conn=6604249 op=1 SEARCH dn="cn=monitor" filter=(objectclass=*) scope=baseObject
 20020408201948Z 17145 (8618) conn=6604249 op=1 RESULT err=0 "Success" tag=0x65 nentries=1
 20020408201948Z 17145 (8614) conn=6604249 op=2 UNBIND

The default timeout for Net::LDAPS is 120s (OK, this is used by
IO::Socket).

Is it possible to specify a timeout for the new connection operation,
for instances when IO::Socket manages to connect to the port, but then
LDAP fails to quickly negotiate an LDAP session.

I have seen this issue with LDAPS and LDAP.

Details on the installation (for the Linux testing) is
 Redhat           7.1
 perl             5.6.0
 Net::LDAPS       0.03
 Net::LDAP        0.25
 IO::Socket::SSL  0.80
 IO::Socket       1.26

Any suggestions on how to ensure 
 $ld=new Net::LDAPS('ldap.slb.com',version=>3,timeout=>10);
returns or aborts within the given timeout perios (10 seconds in my
example). 

Thanks,

Douglas.

-- 

================================
Dr. Douglas GRAY STEPHENS        
Technical Architect (Directories)
Schlumberger Cambridge Research
High Cross,
Madingley Road,
Cambridge.
CB3 0EL
ENGLAND

Phone  +44 1223 325295
Mobile +44 773 0051628
Fax    +44 1223 311830
Email DGr...@sl...
================================