Set ldap_search_timeout default to 5 seconds

The manpages had five seconds listed, but the source disagreed (it
was set to 60 seconds).
This resulted in long wait times when unlocking the screen after
network disconnection, for example.

If enumerate=True, we will set this value to a minimum of 30s

4 files changed, 22 insertions, 2 deletions

diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c
index 4bcd534c8..76ac02e16 100644
--- a/src/providers/ipa/ipa_common.c
+++ b/src/providers/ipa/ipa_common.c
@@ -42,7 +42,7 @@ struct dp_option ipa_def_ldap_opts[] = {
     { "ldap_default_bind_dn", DP_OPT_STRING, NULL_STRING, NULL_STRING },
     { "ldap_default_authtok_type", DP_OPT_STRING, NULL_STRING, NULL_STRING},
     { "ldap_default_authtok", DP_OPT_BLOB, NULL_BLOB, NULL_BLOB },
-    { "ldap_search_timeout", DP_OPT_NUMBER, { .number = 60 }, NULL_NUMBER },
+    { "ldap_search_timeout", DP_OPT_NUMBER, { .number = 5 }, NULL_NUMBER },
     { "ldap_network_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER },
     { "ldap_opt_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER },
     { "ldap_tls_reqcert", DP_OPT_STRING, { "hard" }, NULL_STRING },
diff --git a/src/providers/ipa/ipa_init.c b/src/providers/ipa/ipa_init.c
index f3fa610e5..eeecc371f 100644
--- a/src/providers/ipa/ipa_init.c
+++ b/src/providers/ipa/ipa_init.c
@@ -130,6 +130,16 @@ int sssm_ipa_id_init(struct be_ctx *bectx,
         goto done;
     }
 
+    /* FIXME: This is a workaround for 1.2.0. In the future, we need to have
+     * separate timeouts for enumeration operations
+     * If enumeration is enabled and the search timeout is less
+     * than 30s, force it to a minimum of 30s.
+     */
+    if(bectx->domain->enumerate &&
+            dp_opt_get_int(ctx->opts->basic, SDAP_SEARCH_TIMEOUT) < 30) {
+        dp_opt_set_int(ctx->opts->basic, SDAP_SEARCH_TIMEOUT, 30);
+    }
+
     if(dp_opt_get_bool(ipa_options->basic, IPA_DYNDNS_UPDATE)) {
         /* Perform automatic DNS updates when the
          * IP address changes.
diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c
index 8fcea9677..0257ef638 100644
--- a/src/providers/ldap/ldap_common.c
+++ b/src/providers/ldap/ldap_common.c
@@ -36,7 +36,7 @@ struct dp_option default_basic_opts[] = {
     { "ldap_default_bind_dn", DP_OPT_STRING, NULL_STRING, NULL_STRING },
     { "ldap_default_authtok_type", DP_OPT_STRING, NULL_STRING, NULL_STRING},
     { "ldap_default_authtok", DP_OPT_BLOB, NULL_BLOB, NULL_BLOB },
-    { "ldap_search_timeout", DP_OPT_NUMBER, { .number = 60 }, NULL_NUMBER },
+    { "ldap_search_timeout", DP_OPT_NUMBER, { .number = 5 }, NULL_NUMBER },
     { "ldap_network_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER },
     { "ldap_opt_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER },
     { "ldap_tls_reqcert", DP_OPT_STRING, { "hard" }, NULL_STRING },
diff --git a/src/providers/ldap/ldap_init.c b/src/providers/ldap/ldap_init.c
index 5c6f4b790..af98d8e52 100644
--- a/src/providers/ldap/ldap_init.c
+++ b/src/providers/ldap/ldap_init.c
@@ -82,6 +82,16 @@ int sssm_ldap_id_init(struct be_ctx *bectx,
         goto done;
     }
 
+    /* FIXME: This is a workaround for 1.2.0. In the future, we need to have
+     * separate timeouts for enumeration operations
+     * If enumeration is enabled and the search timeout is less
+     * than 30s, force it to a minimum of 30s.
+     */
+    if(bectx->domain->enumerate &&
+            dp_opt_get_int(ctx->opts->basic, SDAP_SEARCH_TIMEOUT) < 30) {
+        dp_opt_set_int(ctx->opts->basic, SDAP_SEARCH_TIMEOUT, 30);
+    }
+
     dns_service_name = dp_opt_get_string(ctx->opts->basic,
                                          SDAP_DNS_SERVICE_NAME);
     DEBUG(7, ("Service name for discovery set to %s\n", dns_service_name));