From 1464437ca2a1bb18fd6468e673ae7589e4d4216f Mon Sep 17 00:00:00 2001
From: Christian Heimes <cheimes@redhat.com>
Date: Sep 10 2015 11:29:56 +0000
Subject: Handle timeout error in ipa-httpd-kdcproxy


The ipa-httpd-kdcproxy script now handles LDAP timeout errors correctly.
A timeout does no longer result into an Apache startup error.

https://fedorahosted.org/freeipa/ticket/5292

Reviewed-By: Martin Basti <mbasti@redhat.com>

---

diff --git a/install/tools/ipa-httpd-kdcproxy b/install/tools/ipa-httpd-kdcproxy
index 60b22f2..5e9863f 100755
--- a/install/tools/ipa-httpd-kdcproxy
+++ b/install/tools/ipa-httpd-kdcproxy
@@ -24,6 +24,7 @@ This script creates or removes the symlink from /etc/ipa/ipa-kdc-proxy.conf
 to /etc/httpd/conf.d/. It's called from ExecStartPre hook in httpd.service.
 """
 import os
+import socket
 import sys
 
 from ipalib import api, errors
@@ -81,7 +82,7 @@ class KDCProxyConfig(object):
             # EXTERNAL bind as root user
             self.con.ldapi = True
             self.con.do_bind(timeout=self.time_limit)
-        except errors.NetworkError as e:
+        except (errors.NetworkError, socket.timeout) as e:
             msg = 'Unable to connect to dirsrv: %s' % e
             raise CheckError(msg)
         except errors.AuthorizationError as e: