LDAP and timeLimit Value
Ryan.Tapp at csulb.edu
Mon Nov 26 12:01:35 EST 2018
Thanks Peter and Daniel.
Before I get to the specific details asked for, we’re fronting the IdP with httpd (using ajp with Tomcat 8.5.x). Possible that 4 seconds is coming from some httpd mod/setting? I’m checking that aspect this morning, because I agree... must be coming from somewhere between the IdP and LDAP. The AD LDS default timeout is 120 seconds, by the way. If I strike out (again) I’ll be back with specific details. I appreciate the help.
By the way, I found an old 2015 post where Dominique makes reference to “4 seconds” but I can’t tell where that applies in the thread. Using ldapsearch on my IdP with no time out value sends the request with timeLimit = 0 in the packet.
California State University Long Beach
From: users <users-bounces at shibboleth.net> On Behalf Of Daniel Fisher
Sent: Saturday, November 24, 2018 8:05 AM
To: Shib Users <users at shibboleth.net>
Subject: Re: LDAP and timeLimit Value
On Tue, Nov 20, 2018 at 1:08 PM Ryan Tapp <Ryan.Tapp at csulb.edu<mailto:Ryan.Tapp at csulb.edu>> wrote:
I’m still convinced the issue is ultimately with my new LDAP servers, but my question is about that 4 seconds… where is that coming from?
I'm confused by that as well. If you could list the entire configuration for each scenario we could figure it out.
I just want to note that responseTimeout is a client side setting, basically give up if you haven't gotten a response yet.
The timeLimit property requests that the server return whatever results it's accumulated in that time.
While it's a request property the server will also have a default value to prevent clients from running long searches.
I'd be surprised if your server has a default timeLimit of 4 seconds, as it's typically configured on the order of minutes, not seconds.
But that is a possibility.
(Note that the IDP configures a default timeLimit of 3 seconds, which still doesn't explain your 4 seconds.)
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the users