1 diff --git a/CHANGELOG b/CHANGELOG
2 index 9a2a8c1..933b1a1 100644
6 - add SEARCH_BASE configuration option.
7 - work around segv at exit due to libxml2 tsd usage.
8 - re-read config on HUP signal.
9 +- add LDAP_URI, LDAP_TIMEOUT and LDAP_NETWORK_TIMEOUT configuration options.
11 18/06/2007 autofs-5.0.2
12 -----------------------
13 diff --git a/include/defaults.h b/include/defaults.h
14 index 0984b1c..46393d9 100644
15 --- a/include/defaults.h
16 +++ b/include/defaults.h
18 #define DEFAULT_BROWSE_MODE 1
19 #define DEFAULT_LOGGING 0
21 -#define DEFAULT_LDAP_SERVER NULL
22 +#define DEFAULT_LDAP_TIMEOUT -1
23 +#define DEFAULT_LDAP_NETWORK_TIMEOUT 8
25 #define DEFAULT_MAP_OBJ_CLASS "nisMap"
26 #define DEFAULT_ENTRY_OBJ_CLASS "nisObject"
27 @@ -46,6 +47,10 @@ unsigned int defaults_get_timeout(void);
28 unsigned int defaults_get_browse_mode(void);
29 unsigned int defaults_get_logging(void);
30 const char *defaults_get_ldap_server(void);
31 +unsigned int defaults_get_ldap_timeout(void);
32 +unsigned int defaults_get_ldap_network_timeout(void);
33 +struct list_head *defaults_get_uris(void);
34 +void defaults_free_uris(struct list_head *);
35 struct ldap_schema *defaults_get_default_schema(void);
36 struct ldap_schema *defaults_get_schema(void);
37 struct ldap_searchdn *defaults_get_searchdns(void);
38 diff --git a/include/lookup_ldap.h b/include/lookup_ldap.h
39 index 1a924be..ca8d658 100644
40 --- a/include/lookup_ldap.h
41 +++ b/include/lookup_ldap.h
42 @@ -18,6 +18,11 @@ struct ldap_schema {
48 + struct list_head list;
51 struct ldap_searchdn {
53 struct ldap_searchdn *next;
54 @@ -30,6 +35,8 @@ struct lookup_context {
58 + unsigned int timeout;
59 + unsigned int network_timeout;
61 /* LDAP version 2 or 3 */
63 @@ -37,7 +44,17 @@ struct lookup_context {
64 /* LDAP lookup configuration */
65 struct ldap_schema *schema;
67 - /* List of base dns for searching */
69 + * List of servers and base dns for searching.
70 + * uri is the list of servers to attempt connection to and is
71 + * used only if server, above, is NULL. The head of the list
72 + * is the server which we are currently connected to.
73 + * cur_host tracks chnages to connected server, triggering
74 + * a scan of basedns when it changes.
75 + * sdns is the list of basdns to check, done in the order
76 + * given in configuration.
78 + struct list_head *uri;
80 struct ldap_searchdn *sdns;
82 @@ -77,7 +94,7 @@ struct lookup_context {
83 #define LDAP_AUTH_AUTODETECT 0x0004
86 -LDAP *init_ldap_connection(struct lookup_context *ctxt);
87 +LDAP *init_ldap_connection(const char *uri, struct lookup_context *ctxt);
88 int unbind_ldap_connection(LDAP *ldap, struct lookup_context *ctxt);
89 int authtype_requires_creds(const char *authtype);
91 diff --git a/lib/defaults.c b/lib/defaults.c
92 index 7da4631..bf1ceed 100644
100 #include "defaults.h"
101 #include "lookup_ldap.h"
104 #define ENV_NAME_BROWSE_MODE "BROWSE_MODE"
105 #define ENV_NAME_LOGGING "LOGGING"
107 -#define ENV_LDAP_SERVER "LDAP_SERVER"
108 +#define LDAP_URI "LDAP_URI"
109 +#define ENV_LDAP_TIMEOUT "LDAP_TIMEOUT"
110 +#define ENV_LDAP_NETWORK_TIMEOUT "LDAP_NETWORK_TIMEOUT"
112 #define SEARCH_BASE "SEARCH_BASE"
115 #define ENV_AUTH_CONF_FILE "AUTH_CONF_FILE"
117 static const char *default_master_map_name = DEFAULT_MASTER_MAP_NAME;
118 -static const char *default_ldap_server = DEFAULT_LDAP_SERVER;
119 static const char *default_auth_conf_file = DEFAULT_AUTH_CONF_FILE;
121 static char *get_env_string(const char *name)
122 @@ -178,6 +180,99 @@ static int parse_line(char *line, char **res, char **value)
126 +void defaults_free_uris(struct list_head *list)
128 + struct list_head *next;
129 + struct ldap_uri *uri;
131 + if (list_empty(list)) {
137 + while (next != list) {
138 + uri = list_entry(next, struct ldap_uri, list);
140 + list_del(&uri->list);
149 +static unsigned int add_uris(char *value, struct list_head *list)
151 + char *str, *tok, *ptr = NULL;
152 + size_t len = strlen(value);
157 + strcpy(str, value);
159 + tok = strtok_r(str, " ", &ptr);
161 + struct ldap_uri *new;
164 + new = malloc(sizeof(struct ldap_uri));
173 + list_add_tail(&new->list, list);
176 + tok = strtok_r(NULL, " ", &ptr);
182 +struct list_head *defaults_get_uris(void)
185 + char buf[MAX_LINE_LEN];
187 + struct list_head *list;
189 + f = fopen(DEFAULTS_CONFIG_FILE, "r");
193 + list = malloc(sizeof(struct list_head));
198 + INIT_LIST_HEAD(list);
200 + while ((res = fgets(buf, MAX_LINE_LEN, f))) {
203 + if (!parse_line(res, &key, &value))
206 + if (!strcasecmp(res, LDAP_URI))
207 + add_uris(value, list);
210 + if (list_empty(list)) {
220 * Read config env variables and check they have been set.
222 @@ -205,7 +300,8 @@ unsigned int defaults_read_config(void)
223 check_set_config_value(key, ENV_NAME_TIMEOUT, value) ||
224 check_set_config_value(key, ENV_NAME_BROWSE_MODE, value) ||
225 check_set_config_value(key, ENV_NAME_LOGGING, value) ||
226 - check_set_config_value(key, ENV_LDAP_SERVER, value) ||
227 + check_set_config_value(key, ENV_LDAP_TIMEOUT, value) ||
228 + check_set_config_value(key, ENV_LDAP_NETWORK_TIMEOUT, value) ||
229 check_set_config_value(key, ENV_NAME_MAP_OBJ_CLASS, value) ||
230 check_set_config_value(key, ENV_NAME_ENTRY_OBJ_CLASS, value) ||
231 check_set_config_value(key, ENV_NAME_MAP_ATTR, value) ||
232 @@ -284,15 +380,26 @@ unsigned int defaults_get_logging(void)
236 -const char *defaults_get_ldap_server(void)
237 +unsigned int defaults_get_ldap_timeout(void)
242 - server = get_env_string(ENV_LDAP_SERVER);
244 - return default_ldap_server;
245 + res = get_env_number(ENV_LDAP_TIMEOUT);
247 + res = DEFAULT_LDAP_TIMEOUT;
249 - return (const char *) server;
253 +unsigned int defaults_get_ldap_network_timeout(void)
257 + res = get_env_number(ENV_LDAP_NETWORK_TIMEOUT);
259 + res = DEFAULT_LDAP_NETWORK_TIMEOUT;
264 struct ldap_schema *defaults_get_default_schema(void)
265 diff --git a/man/auto.master.5.in b/man/auto.master.5.in
266 index 0cb2f07..68447e0 100644
267 --- a/man/auto.master.5.in
268 +++ b/man/auto.master.5.in
269 @@ -230,10 +230,27 @@ values must be set, any partial schema specification will be ignored.
271 The configuration settings available are:
274 +Set the network response timeout (default 8).
275 +Set timeout value for the synchronous API calls. The default is the LDAP
276 +library default of an infinite timeout.
278 +.B LDAP_NETWORK_TIMEOUT
279 +Set the network response timeout (default 8).
282 +A space seperated list of server uris of the form <proto>://<server>[/]
283 +where <proto> can be ldap or ldaps. The option can be given multiple times.
284 +Map entries that include a server name override this option and it is then
285 +not used. Default is an empty list in which case either the server given
286 +in a map entry or the LDAP configured default is used. This uri list is read at
287 +startup and whenever the daemon receives a HUP signal.
290 The base dn to use when searching for amap base dn. This entry may be
291 given multiple times and each will be checked for a map base dn in
292 -the order they occur in the configuration.
293 +the order they occur in the configuration. The search base list is read
294 +at startup and whenever the daemon recieves a HUP signal.
297 The map object class. In the \fBnisMap\fP schema this corresponds to the class
298 diff --git a/modules/lookup_ldap.c b/modules/lookup_ldap.c
299 index 2baf8b8..4068561 100644
300 --- a/modules/lookup_ldap.c
301 +++ b/modules/lookup_ldap.c
302 @@ -49,6 +49,8 @@ static struct ldap_schema common_schema[] = {
304 static unsigned int common_schema_count = sizeof(common_schema)/sizeof(struct ldap_schema);
306 +static LDAP *auth_init(const char *, struct lookup_context *);
308 int bind_ldap_anonymous(LDAP *ldap, struct lookup_context *ctxt)
311 @@ -59,10 +61,18 @@ int bind_ldap_anonymous(LDAP *ldap, struct lookup_context *ctxt)
312 rv = ldap_simple_bind_s(ldap, NULL, NULL);
314 if (rv != LDAP_SUCCESS) {
316 - MODPREFIX "Unable to bind to the LDAP server: "
317 - "%s, error %s", ctxt->server ? "" : "(default)",
318 - ldap_err2string(rv));
321 + MODPREFIX "Unable to bind to the LDAP server: "
322 + "%s, error %s", ctxt->server ? "" : "(default)",
323 + ldap_err2string(rv));
325 + struct ldap_uri *uri;
326 + uri = list_entry(ctxt->uri->next, struct ldap_uri, list);
328 + MODPREFIX "Unable to bind to the LDAP server: "
329 + "%s, error %s", uri->uri, ldap_err2string(rv));
334 @@ -98,20 +108,21 @@ int unbind_ldap_connection(LDAP *ldap, struct lookup_context *ctxt)
338 -LDAP *init_ldap_connection(struct lookup_context *ctxt)
339 +LDAP *init_ldap_connection(const char *uri, struct lookup_context *ctxt)
343 + struct timeval timeout = { ctxt->timeout, 0 };
344 + struct timeval net_timeout = { ctxt->network_timeout, 0 };
349 /* Initialize the LDAP context. */
350 - rv = ldap_initialize(&ldap, ctxt->server);
351 + rv = ldap_initialize(&ldap, uri);
352 if (rv != LDAP_OPT_SUCCESS) {
354 MODPREFIX "couldn't initialize LDAP connection to %s",
355 - ctxt->server ? ctxt->server : "default server");
356 + uri ? uri : "default server");
360 @@ -120,7 +131,7 @@ LDAP *init_ldap_connection(struct lookup_context *ctxt)
361 if (rv != LDAP_OPT_SUCCESS) {
362 /* fall back to LDAPv2 */
363 ldap_unbind_ext(ldap, NULL, NULL);
364 - rv = ldap_initialize(&ldap, ctxt->server);
365 + rv = ldap_initialize(&ldap, uri);
366 if (rv != LDAP_OPT_SUCCESS) {
367 crit(LOGOPT_ANY, MODPREFIX "couldn't initialize LDAP");
369 @@ -128,12 +139,22 @@ LDAP *init_ldap_connection(struct lookup_context *ctxt)
373 - /* Sane network connection timeout */
374 - rv = ldap_set_option(ldap, LDAP_OPT_NETWORK_TIMEOUT, &timeout);
376 + if (ctxt->timeout != -1) {
377 + /* Set synchronous call timeout */
378 + rv = ldap_set_option(ldap, LDAP_OPT_TIMEOUT, &timeout);
379 + if (rv != LDAP_OPT_SUCCESS)
380 + info(LOGOPT_ANY, MODPREFIX
381 + "failed to set synchronous call timeout to %d",
385 + /* Sane network timeout */
386 + rv = ldap_set_option(ldap, LDAP_OPT_NETWORK_TIMEOUT, &net_timeout);
387 if (rv != LDAP_OPT_SUCCESS)
389 MODPREFIX "failed to set connection timeout to %d",
391 + net_timeout.tv_sec);
395 @@ -159,7 +180,7 @@ LDAP *init_ldap_connection(struct lookup_context *ctxt)
398 ctxt->use_tls = LDAP_TLS_DONT_USE;
399 - ldap = init_ldap_connection(ctxt);
400 + ldap = init_ldap_connection(uri, ctxt);
402 ctxt->use_tls = LDAP_TLS_INIT;
404 @@ -271,7 +292,7 @@ static int get_query_dn(LDAP *ldap, struct lookup_context *ctxt, const char *cla
405 e = ldap_first_entry(ldap, result);
407 dn = ldap_get_dn(ldap, e);
408 - debug(LOGOPT_NONE, MODPREFIX "query dn %s", dn);
409 + debug(LOGOPT_NONE, MODPREFIX "found query dn %s", dn);
412 MODPREFIX "query succeeded, no matches for %s",
413 @@ -378,16 +399,11 @@ static int find_query_dn(LDAP *ldap, struct lookup_context *ctxt)
417 -static LDAP *do_connect(struct lookup_context *ctxt)
418 +static int do_bind(LDAP *ldap, struct lookup_context *ctxt)
421 char *host = NULL, *nhost;
422 int rv, need_base = 1;
424 - ldap = init_ldap_connection(ctxt);
429 debug(LOGOPT_NONE, "auth_required: %d, sasl_mech %s",
430 ctxt->auth_required, ctxt->sasl_mech);
431 @@ -407,23 +423,19 @@ static LDAP *do_connect(struct lookup_context *ctxt)
432 debug(LOGOPT_NONE, MODPREFIX "ldap anonymous bind returned %d", rv);
436 - unbind_ldap_connection(ldap, ctxt);
442 rv = ldap_get_option(ldap, LDAP_OPT_HOST_NAME, &host);
443 if (rv != LDAP_SUCCESS || !host) {
444 - unbind_ldap_connection(ldap, ctxt);
445 debug(LOGOPT_ANY, "failed to get hostname for connection");
450 nhost = strdup(host);
452 - unbind_ldap_connection(ldap, ctxt);
453 debug(LOGOPT_ANY, "failed to alloc context for hostname");
459 @@ -443,7 +455,7 @@ static LDAP *do_connect(struct lookup_context *ctxt)
467 * If the schema isn't defined in the configuration then check for
468 @@ -452,20 +464,134 @@ static LDAP *do_connect(struct lookup_context *ctxt)
471 if (!find_query_dn(ldap, ctxt)) {
472 - unbind_ldap_connection(ldap, ctxt);
474 MODPREFIX "failed to find valid query dn");
479 const char *class = ctxt->schema->map_class;
480 const char *key = ctxt->schema->map_attr;
481 if (!get_query_dn(ldap, ctxt, class, key)) {
482 - unbind_ldap_connection(ldap, ctxt);
483 error(LOGOPT_ANY, MODPREFIX "failed to get query dn");
491 +static LDAP *do_connect(const char *uri, struct lookup_context *ctxt)
495 + ldap = init_ldap_connection(uri, ctxt);
499 + if (!do_bind(ldap, ctxt)) {
500 + unbind_ldap_connection(ldap, ctxt);
507 +static LDAP *connect_to_server(const char *uri, struct lookup_context *ctxt)
513 + * Determine which authentication mechanism to use if we require
516 + if (ctxt->auth_required & LDAP_AUTH_REQUIRED) {
517 + ldap = auth_init(uri, ctxt);
518 + if (!ldap && ctxt->auth_required & LDAP_AUTH_AUTODETECT)
520 + "no authentication mechanisms auto detected.");
522 + error(LOGOPT_ANY, MODPREFIX
523 + "cannot initialize authentication setup");
527 + if (!do_bind(ldap, ctxt)) {
528 + unbind_ldap_connection(ldap, ctxt);
529 + error(LOGOPT_ANY, MODPREFIX "cannot bind to server");
537 + ldap = do_connect(uri, ctxt);
539 + error(LOGOPT_ANY, MODPREFIX "cannot connect to server");
546 +static LDAP *find_server(struct lookup_context *ctxt)
549 + struct ldap_uri *this;
550 + struct list_head *p;
553 + /* Try each uri in list, add connect fails to tmp list */
554 + p = ctxt->uri->next;
555 + while(p != ctxt->uri) {
556 + this = list_entry(p, struct ldap_uri, list);
558 + debug(LOGOPT_ANY, "check uri %s", this->uri);
559 + ldap = connect_to_server(this->uri, ctxt);
561 + debug(LOGOPT_ANY, "connexted to uri %s", this->uri);
564 + list_del_init(&this->list);
565 + list_add_tail(&this->list, &tmp);
568 + * Successfuly connected uri (head of list) and untried uris are
569 + * in ctxt->uri list. Make list of remainder and failed uris with
570 + * failed uris at end and assign back to ctxt-uri.
572 + list_splice(ctxt->uri, &tmp);
573 + INIT_LIST_HEAD(ctxt->uri);
574 + list_splice(&tmp, ctxt->uri);
579 +static LDAP *do_reconnect(struct lookup_context *ctxt)
583 + if (ctxt->server || !ctxt->uri) {
584 + ldap = do_connect(ctxt->server, ctxt);
587 + struct ldap_uri *this;
588 + this = list_entry(ctxt->uri->next, struct ldap_uri, list);
589 + ldap = do_connect(this->uri, ctxt);
592 + /* Failed to connect, put at end of list */
593 + list_del_init(&this->list);
594 + list_add_tail(&this->list, ctxt->uri);
597 + autofs_sasl_done(ctxt);
599 + /* Current server failed connect, try the rest */
600 + ldap = find_server(ctxt);
602 + error(LOGOPT_ANY, MODPREFIX "failed to find available server");
606 @@ -760,10 +886,10 @@ out:
607 * information. If there is no configuration file, then we fall back to
608 * trying all supported authentication mechanisms until one works.
610 - * Returns 0 on success, with authtype, user and secret filled in as
611 - * appropriate. Returns -1 on failre.
612 + * Returns ldap connection on success, with authtype, user and secret
613 + * filled in as appropriate. Returns NULL on failre.
615 -int auth_init(struct lookup_context *ctxt)
616 +static LDAP *auth_init(const char *uri, struct lookup_context *ctxt)
620 @@ -776,14 +902,11 @@ int auth_init(struct lookup_context *ctxt)
622 ret = parse_ldap_config(ctxt);
626 - if (ctxt->auth_required & LDAP_AUTH_NOTREQUIRED)
630 - ldap = init_ldap_connection(ctxt);
631 + ldap = init_ldap_connection(uri, ctxt);
637 * Initialize the sasl library. It is okay if user and secret
638 @@ -794,18 +917,12 @@ int auth_init(struct lookup_context *ctxt)
639 * the credential cache and the client and service principals.
641 ret = autofs_sasl_init(ldap, ctxt);
642 - unbind_ldap_connection(ldap, ctxt);
644 ctxt->sasl_mech = NULL;
645 - if (ctxt->auth_required & LDAP_AUTH_AUTODETECT) {
647 - "no authentication mechanisms auto detected.");
659 @@ -1036,6 +1153,8 @@ static void free_context(struct lookup_context *ctxt)
660 free(ctxt->cur_host);
664 + defaults_free_uris(ctxt->uri);
666 defaults_free_searchdns(ctxt->sdns);
668 @@ -1043,6 +1162,30 @@ static void free_context(struct lookup_context *ctxt)
672 +static void validate_uris(struct list_head *list)
674 + struct list_head *next;
677 + while (next != list) {
678 + struct ldap_uri *this;
680 + this = list_entry(next, struct ldap_uri, list);
683 + /* At least we get some basic validation */
684 + if (!ldap_is_ldap_url(this->uri)) {
686 + "removed invalid uri from list, %s", this->uri);
687 + list_del(&this->list);
697 * This initializes a context (persistent non-global data) for queries to
698 * this module. Return zero if we succeed.
699 @@ -1051,7 +1194,6 @@ int lookup_init(const char *mapfmt, int argc, const char *const *argv, void **co
701 struct lookup_context *ctxt;
702 char buf[MAX_ERR_BUF];
707 @@ -1079,33 +1221,42 @@ int lookup_init(const char *mapfmt, int argc, const char *const *argv, void **co
713 - * Determine which authentication mechanism to use. We sanity-
714 - * check by binding to the server temporarily.
716 - ret = auth_init(ctxt);
717 - if (ret && (ctxt->auth_required & LDAP_AUTH_REQUIRED)) {
718 - error(LOGOPT_ANY, MODPREFIX
719 - "cannot initialize authentication setup");
720 - free_context(ctxt);
722 + ctxt->timeout = defaults_get_ldap_timeout();
723 + ctxt->network_timeout = defaults_get_ldap_network_timeout();
725 + if (!ctxt->server) {
726 + struct list_head *uris = defaults_get_uris();
728 + validate_uris(uris);
729 + if (!list_empty(uris))
737 - ldap = do_connect(ctxt);
739 - error(LOGOPT_ANY, MODPREFIX "cannot connect to server");
740 - free_context(ctxt);
742 + if (ctxt->server || !ctxt->uri) {
743 + ldap = connect_to_server(ctxt->server, ctxt);
745 + free_context(ctxt);
749 + ldap = find_server(ctxt);
751 + free_context(ctxt);
752 + error(LOGOPT_ANY, MODPREFIX
753 + "failed to find available server");
757 unbind_ldap_connection(ldap, ctxt);
759 /* Open the parser, if we can. */
760 ctxt->parse = open_parse(mapfmt, MODPREFIX, argc - 1, argv + 1);
762 - crit(LOGOPT_ANY, MODPREFIX "failed to open parse context");
764 + crit(LOGOPT_ANY, MODPREFIX "failed to open parse context");
768 @@ -1153,7 +1304,7 @@ int lookup_read_master(struct master *master, time_t age, void *context)
771 /* Initialize the LDAP context. */
772 - ldap = do_connect(ctxt);
773 + ldap = do_reconnect(ctxt);
775 return NSS_STATUS_UNAVAIL;
777 @@ -1305,7 +1456,7 @@ static int read_one_map(struct autofs_point *ap,
780 /* Initialize the LDAP context. */
781 - ldap = do_connect(ctxt);
782 + ldap = do_reconnect(ctxt);
784 return NSS_STATUS_UNAVAIL;
786 @@ -1536,6 +1687,9 @@ int lookup_read_map(struct autofs_point *ap, time_t age, void *context)
787 if (ret != NSS_STATUS_SUCCESS) {
789 case LDAP_SIZELIMIT_EXCEEDED:
790 + crit(ap->logopt, MODPREFIX
791 + "Unable to download entire LDAP map for: %s",
793 case LDAP_UNWILLING_TO_PERFORM:
794 pthread_setcancelstate(cur_state, NULL);
795 return NSS_STATUS_UNAVAIL;
796 @@ -1612,7 +1766,7 @@ static int lookup_one(struct autofs_point *ap,
799 /* Initialize the LDAP context. */
800 - ldap = do_connect(ctxt);
801 + ldap = do_reconnect(ctxt);
805 diff --git a/redhat/autofs.sysconfig.in b/redhat/autofs.sysconfig.in
806 index 2b1e20a..f01ee5f 100644
807 --- a/redhat/autofs.sysconfig.in
808 +++ b/redhat/autofs.sysconfig.in
809 @@ -23,6 +23,25 @@ BROWSE_MODE="no"
811 # Define base dn for map dn lookup.
813 +# Define server URIs
815 +# LDAP_URI - space seperated list of server uris of the form
816 +# <proto>://<server>[/] where <proto> can be ldap
817 +# or ldaps. The option can be given multiple times.
818 +# Map entries that include a server name override
823 +# LDAP__TIMEOUT - timeout value for the synchronous API calls
824 +# (default is LDAP library default).
828 +# LDAP_NETWORK_TIMEOUT - set the network response timeout (default 8).
830 +#LDAP_NETWORK_TIMEOUT=8
832 # SEARCH_BASE - base dn to use for searching for map search dn.
833 # Multiple entries can be given and they are checked
834 # in the order they occur here.
835 diff --git a/samples/autofs.conf.default.in b/samples/autofs.conf.default.in
836 index 2b1e20a..028341c 100644
837 --- a/samples/autofs.conf.default.in
838 +++ b/samples/autofs.conf.default.in
839 @@ -21,6 +21,25 @@ BROWSE_MODE="no"
843 +# Define server URIs
845 +# LDAP_URI - space seperated list of server uris of the form
846 +# <proto>://<server>[/] where <proto> can be ldap
847 +# or ldaps. The option can be given multiple times.
848 +# Map entries that include a server name override
853 +# LDAP__TIMEOUT - timeout value for the synchronous API calls
854 +# (default is LDAP library default).
858 +# LDAP_NETWORK_TIMEOUT - set the network response timeout (default 8).
860 +#LDAP_NETWORK_TIMEOUT=8
862 # Define base dn for map dn lookup.
864 # SEARCH_BASE - base dn to use for searching for map search dn.