Magnus Hagander wrote:
>> The patch should still be good, but if we keep the deprecated
>> OpenLDAP API, it might be more consistent to use ldap_simple_bind_s
>> instead of ldap_sasl_bind_s.
>>
>> If you agree, I'll change that.
>
> Sorry, you got this one in just as my vacation started.
>
> Yes, I agree with that. So please do.
Here is the updated patch.
To repeat: this fixes a bug in LDAP connection parameter lookup
if you want to have failover with more than one LDAP server:
the timeout that should ensure that failover does not take too long
did not work if there are TCP connection problems; in that case
the connection attempt would hang until network timeout
before failing over to the second LDAP server.
This should be backpatched as far as supported (8.4).
Yours,
Laurenz Albe