SDAP: Make StartTLS bind configurable with ldap_opt_timeout

Related:
https://fedorahosted.org/sssd/ticket/1501

Reviewed-by: Pavel Reichl <preichl@redhat.com>

2 files changed, 6 insertions, 4 deletions

diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml
index a93e6dfe7..6088a1286 100644
--- a/src/man/sssd-ldap.5.xml
+++ b/src/man/sssd-ldap.5.xml
@@ -1236,8 +1236,9 @@
                             calls to synchronous LDAP APIs will abort if no
                             response is received. Also controls the timeout
                             when communicating with the KDC in case of SASL
-                            bind, the timeout of an LDAP bind operation and
-                            password change extended operation.
+                            bind, the timeout of an LDAP bind operation,
+                            password change extended operation and the
+                            StartTLS operation.
                         </para>
                         <para>
                             Default: 6
diff --git a/src/providers/ldap/sdap_async_connection.c b/src/providers/ldap/sdap_async_connection.c
index ded371098..bffe787c9 100644
--- a/src/providers/ldap/sdap_async_connection.c
+++ b/src/providers/ldap/sdap_async_connection.c
@@ -314,9 +314,10 @@ static void sdap_sys_connect_done(struct tevent_req *subreq)
     ret = sdap_set_connected(state->sh, state->ev);
     if (ret) goto fail;
 
-    /* FIXME: get timeouts from configuration, for now 5 secs. */
     ret = sdap_op_add(state, state->ev, state->sh, msgid,
-                      sdap_connect_done, req, 5, &state->op);
+                      sdap_connect_done, req,
+                      dp_opt_get_int(state->opts->basic, SDAP_OPT_TIMEOUT),
+                      &state->op);
     if (ret) {
         DEBUG(SSSDBG_CRIT_FAILURE, "Failed to set up operation!\n");
         goto fail;