Comment 0 for bug 1636950

Kam Nasim (knasim-wrs) wrote :

In our deployment, when setting up the Identity driver to use an external LDAP backend, if the URL of the LDAP server is incorrect or there is a network connectivity issue, it is seen that the LDAP driver would stall indefinitely (or until TCP timeout).

This affects both LDAP connection pools and SimpleLDAP.

The LDAP configuration stanza (keystone.conf) provides a "pool_connection_timeout" option; however, this is not used anywhere within the LDAP driver.

We have employed a fix downstream in our deployment which is to use this pool_connection_timeout value and set it as ldap.OPT_NETWORK_TIMEOUT so that the LDAP connection times out at the prescribed value without stalling indefinitely at the LDAP bind.
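
The approach described in this report, sketched with python-ldap as an added example (not code from the bug report or from keystone): read `pool_connection_timeout` from the `[ldap]` stanza and apply it as `ldap.OPT_NETWORK_TIMEOUT` before binding. The function names, the sample URL and the choice to treat a non-positive value as "leave the library default" are assumptions of this example.

```python
import configparser

# Constructed keystone.conf fragment; the URL is a placeholder.
SAMPLE_CONF = """
[ldap]
url = ldap://ldap.example.test
pool_connection_timeout = 5
"""


def load_ldap_settings(conf_text):
    """Return (url, timeout_seconds) from the [ldap] stanza."""
    parser = configparser.ConfigParser()
    parser.read_string(conf_text)
    url = parser.get("ldap", "url")
    # Assumption of this example: -1 when unset, meaning "no explicit timeout".
    timeout = parser.getint("ldap", "pool_connection_timeout", fallback=-1)
    return url, timeout


def connect(url, timeout, ldap_mod=None):
    """Create an LDAP connection object with a bounded network timeout.

    ldap_mod is the python-ldap module; it can be injected so the logic
    is testable without a directory server.
    """
    if ldap_mod is None:
        import ldap as ldap_mod  # python-ldap
    conn = ldap_mod.initialize(url)
    if timeout > 0:
        # Bounds connect and network waits so an unreachable server fails
        # at the configured value instead of at the OS TCP timeout.
        conn.set_option(ldap_mod.OPT_NETWORK_TIMEOUT, timeout)
    return conn


def bind(conn, ldap_mod, who="", cred=""):
    """Bind; return False if the server is unreachable or the wait timed out."""
    try:
        conn.simple_bind_s(who, cred)
        return True
    except (ldap_mod.SERVER_DOWN, ldap_mod.TIMEOUT):
        return False
```
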