When trying to bind to an offline IPA server, do_simple_bind() hangs the process for a lot longer than the given timeout.
Steps to reproduce (example):
ipa-csreplica-manage list --host=offline.replica.xy -p dirman_password
Hangs for 5+ minutes
Fail with "Timeout exceeded" after "DEFAULT_TIMEOUT" (10) seconds.
ipapython/ipaldap.py: the connection attribute (conn) of LDAPClient class never receives timeout information. This makes the ldap actions on this connection last the default time of python-ldap library, which is usually much more than the timeout passed to do_simple_bind().
The cause is not known.
This ticket is out of scope of 4.4.0 release. Moving to 4.4.1. Note that 4.4.1 needs to be triaged, therefore not everything will be implemented.
Moving to next major version. Fixing this bug is not critical in stabilization release.
Metadata Update from @stlaz:
- Issue assigned to someone
- Issue set to the milestone: FreeIPA 4.5
Metadata Update from @pvoborni:
- Issue close_status updated to: None
- Issue set to the milestone: FreeIPA 4.7 (was: FreeIPA 4.5)
Metadata Update from @rcritten:
- Issue set to the milestone: FreeIPA 4.7.1 (was: FreeIPA 4.7)
FreeIPA 4.7 has been released, moving to FreeIPA 4.7.1 milestone
FTR I can't reproduce this with an offline server. If I firewall port 636 I can reproduce it.
What is needed is a call like:
The trickier part will be whether we want this as a default, how configurable, etc.
to comment on this ticket.