4 files changed, 22 insertions, 2 deletions

diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c
index 4bcd534c8..76ac02e16 100644
--- a/src/providers/ipa/ipa_common.c
+++ b/src/providers/ipa/ipa_common.c
@@ -42,7 +42,7 @@ struct dp_option ipa_def_ldap_opts[] = {
     { "ldap_default_bind_dn", DP_OPT_STRING, NULL_STRING, NULL_STRING },
     { "ldap_default_authtok_type", DP_OPT_STRING, NULL_STRING, NULL_STRING},
     { "ldap_default_authtok", DP_OPT_BLOB, NULL_BLOB, NULL_BLOB },
-    { "ldap_search_timeout", DP_OPT_NUMBER, { .number = 60 }, NULL_NUMBER },
+    { "ldap_search_timeout", DP_OPT_NUMBER, { .number = 5 }, NULL_NUMBER },
     { "ldap_network_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER },
     { "ldap_opt_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER },
     { "ldap_tls_reqcert", DP_OPT_STRING, { "hard" }, NULL_STRING },
diff --git a/src/providers/ipa/ipa_init.c b/src/providers/ipa/ipa_init.c
index f3fa610e5..eeecc371f 100644
--- a/src/providers/ipa/ipa_init.c
+++ b/src/providers/ipa/ipa_init.c
@@ -130,6 +130,16 @@ int sssm_ipa_id_init(struct be_ctx *bectx,
         goto done;
     }
 
+    /* FIXME: This is a workaround for 1.2.0. In the future, we need to have
+     * separate timeouts for enumeration operations
+     * If enumeration is enabled and the search timeout is less
+     * than 30s, force it to a minimum of 30s.
+     */
+    if(bectx->domain->enumerate &&
+            dp_opt_get_int(ctx->opts->basic, SDAP_SEARCH_TIMEOUT) < 30) {
+        dp_opt_set_int(ctx->opts->basic, SDAP_SEARCH_TIMEOUT, 30);
+    }
+
     if(dp_opt_get_bool(ipa_options->basic, IPA_DYNDNS_UPDATE)) {
         /* Perform automatic DNS updates when the
          * IP address changes.
diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c
index 8fcea9677..0257ef638 100644
--- a/src/providers/ldap/ldap_common.c
+++ b/src/providers/ldap/ldap_common.c
@@ -36,7 +36,7 @@ struct dp_option default_basic_opts[] = {
     { "ldap_default_bind_dn", DP_OPT_STRING, NULL_STRING, NULL_STRING },
     { "ldap_default_authtok_type", DP_OPT_STRING, NULL_STRING, NULL_STRING},
     { "ldap_default_authtok", DP_OPT_BLOB, NULL_BLOB, NULL_BLOB },
-    { "ldap_search_timeout", DP_OPT_NUMBER, { .number = 60 }, NULL_NUMBER },
+    { "ldap_search_timeout", DP_OPT_NUMBER, { .number = 5 }, NULL_NUMBER },
     { "ldap_network_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER },
     { "ldap_opt_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER },
     { "ldap_tls_reqcert", DP_OPT_STRING, { "hard" }, NULL_STRING },
diff --git a/src/providers/ldap/ldap_init.c b/src/providers/ldap/ldap_init.c
index 5c6f4b790..af98d8e52 100644
--- a/src/providers/ldap/ldap_init.c
+++ b/src/providers/ldap/ldap_init.c
@@ -82,6 +82,16 @@ int sssm_ldap_id_init(struct be_ctx *bectx,
         goto done;
     }
 
+    /* FIXME: This is a workaround for 1.2.0. In the future, we need to have
+     * separate timeouts for enumeration operations
+     * If enumeration is enabled and the search timeout is less
+     * than 30s, force it to a minimum of 30s.
+     */
+    if(bectx->domain->enumerate &&
+            dp_opt_get_int(ctx->opts->basic, SDAP_SEARCH_TIMEOUT) < 30) {
+        dp_opt_set_int(ctx->opts->basic, SDAP_SEARCH_TIMEOUT, 30);
+    }
+
     dns_service_name = dp_opt_get_string(ctx->opts->basic,
                                          SDAP_DNS_SERVICE_NAME);
     DEBUG(7, ("Service name for discovery set to %s\n", dns_service_name));