LDAP and timeLimit Value

Daniel Fisher dfisher at vt.edu
Sat Nov 24 11:04:50 EST 2018

On Tue, Nov 20, 2018 at 1:08 PM Ryan Tapp <Ryan.Tapp at csulb.edu> wrote:

> I’m still convinced the issue is ultimately with my new LDAP servers, but
> my question is about that 4 seconds… where is that coming from?

I'm confused by that as well. If you could list the entire configuration
for each scenario we could figure it out.
I just want to note that responseTimeout is a client side setting,
basically give up if you haven't gotten a response yet.
The timeLimit property requests that the server return whatever results
it's accumulated in that time.
While it's a request property the server will also have a default value to
prevent clients from running long searches.
I'd be surprised if your server has a default timeLimit of 4 seconds, as
it's typically configured on the order of minutes, not seconds.
But that is a possibility.
(Note that the IDP configures a default timeLimit of 3 seconds, which still
doesn't explain your 4 seconds.)

--Daniel Fisher
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20181124/50ebef69/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6317 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://shibboleth.net/pipermail/users/attachments/20181124/50ebef69/attachment.p7s>

More information about the users mailing list