author | Werner Koch <[email protected]> | 2021-05-26 17:06:10 +0000 |
---|---|---|
committer | Werner Koch <[email protected]> | 2021-05-26 17:06:36 +0000 |
commit | 317d5947b84ae2707e46b89fb0d8318c07174e13 (patch) | |
tree | 465357bec229d1e7ac1fe2760a20f22ea9e130e5 | |
parent | dirmngr: New option --ldapserver (diff) | |
dirmngr: Use --ldaptimeout for OpenPGP LDAP keyservers.
* dirmngr/ks-engine-ldap.c (my_ldap_connect): Use LDAP_OPT_TIMEOUT.
* dirmngr/dirmngr.c (main): Move --ldaptimeout setting to ...
(parse_rereadable_options): here.
--
Note that this has not yet been tested. In fact a test with OpenLDAP
using a modified route got stuck in the connection attempt. Maybe it
works on Windows - will be tested later.
Signed-off-by: Werner Koch <[email protected]>
-rw-r--r-- | dirmngr/dirmngr.c | 8 | ||||
-rw-r--r-- | dirmngr/ks-engine-ldap.c | 16 | ||||
-rw-r--r-- | doc/dirmngr.texi | 12 |
3 files changed, 27 insertions, 9 deletions
diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
index 9298cad92..04fe9e238 100644
--- a/dirmngr/dirmngr.c
+++ b/dirmngr/dirmngr.c
@@ -645,6 +645,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
 set_dns_timeout (0);
 opt.connect_timeout = 0;
 opt.connect_quick_timeout = 0;
+ opt.ldaptimeout = DEFAULT_LDAP_TIMEOUT;
 ldapserver_list_needs_reset = 1;
 return 1;
 }
@@ -779,6 +780,10 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
 opt.connect_quick_timeout = pargs->r.ret_ulong * 1000;
 break;
+ case oLDAPTimeout:
+ opt.ldaptimeout = pargs->r.ret_int;
+ break;
+
 default:
 return 0; /* Not handled. */
 }
@@ -1035,9 +1040,6 @@ main (int argc, char **argv)
 # endif /*USE_LDAP*/
 break;
 case oLDAPAddServers: opt.add_new_ldapservers = 1; break;
- case oLDAPTimeout:
- opt.ldaptimeout = pargs.r.ret_int;
- break;
 case oFakedSystemTime:
 gnupg_set_time ((time_t)pargs.r.ret_ulong, 0);
diff --git a/dirmngr/ks-engine-ldap.c b/dirmngr/ks-engine-ldap.c
index 01f24fbbc..094a10576 100644
--- a/dirmngr/ks-engine-ldap.c
+++ b/dirmngr/ks-engine-ldap.c
@@ -313,7 +313,7 @@ ks_ldap_help (ctrl_t ctrl, parsed_uri_t uri)
 {
 const char data[] =
 "Handler for LDAP URLs:\n"
- " ldap://HOST:PORT/[BASEDN]???[bindname=BINDNAME,password=PASSWORD]\n"
+ " ldap://HOST:PORT/[BASEDN]????[bindname=BINDNAME,password=PASSWORD]\n"
 "\n"
 "Note: basedn, bindname and password need to be percent escaped. In\n"
 "particular, spaces need to be replaced with %20 and commas with %2c.\n"
@@ -646,6 +646,20 @@ my_ldap_connect (parsed_uri_t uri, LDAP **ldap_connp,
 goto out;
 }
 }
+ if (opt.ldaptimeout)
+ {
+ int ver = opt.ldaptimeout;
+
+ lerr = ldap_set_option (ldap_conn, LDAP_OPT_TIMELIMIT, &ver);
+ if (lerr != LDAP_SUCCESS)
+ {
+ log_error ("ks-ldap: unable to set LDAP timelimit to %us: %s\n",
+ opt.ldaptimeout, ldap_err2string (lerr));
+ err = ldap_err_to_gpg_err (lerr);
+ goto out;
+ }
+
+ }
 #endif
diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi
index 8ebfea848..c53be6ff9 100644
--- a/doc/dirmngr.texi
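Review bot: `case oLDAPTimeout:` in parse_rereadable_options stores `pargs->r.ret_int` without any range check, so a negative `--ldaptimeout` value is accepted and, being non-zero, later passes the `if (opt.ldaptimeout)` guard in my_ldap_connect and is handed straight to ldap_set_option. The old handler in main() had the same gap, but the reread path is the natural place to validate; a minimal fix is `opt.ldaptimeout = pargs->r.ret_int < 0 ? 0 : pargs->r.ret_int;` so a bad value falls back to "no timeout" instead of an unspecified library behaviour. The neighbouring timeout cases in this hunk read `pargs->r.ret_ulong`; whether oLDAPTimeout is declared with a matching integer kind in the option table is not visible here and should be confirmed, since reading the wrong union member silently yields garbage. The reset block in the first hunk now assigns `DEFAULT_LDAP_TIMEOUT` while the other timeouts reset to 0, which is fine but deserves a one-line comment saying the LDAP default is intentionally non-zero.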
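Review bot: The new block in my_ldap_connect sets LDAP_OPT_TIMELIMIT although the commit message says LDAP_OPT_TIMEOUT; TIMELIMIT is the server-side search time limit sent along with each search request, so it bounds neither the TCP connect nor a hung synchronous call, which is consistent with the note that the OpenLDAP test got stuck in the connection attempt. LDAP_OPT_TIMEOUT (and LDAP_OPT_NETWORK_TIMEOUT for the connect itself) take a `struct timeval` rather than an int, so both the local and the call change, and the local `ver` reads like a version rather than a timeout. The log line prints opt.ldaptimeout with `%u` while the dirmngr.c hunk assigns it from `pargs->r.ret_int`; if the field is a signed int, `%d` is the matching specifier. Whether these option constants are available on the Windows LDAP library is not visible from this hunk and should be confirmed; my_ldap_connect begins and ends outside the hunk.
```c
  if (opt.ldaptimeout)
    {
      /* Client-side bound for the connect and for each synchronous
         call; LDAP_OPT_TIMELIMIT would only cap search time on the
         server side.  */
      struct timeval tv = { .tv_sec = opt.ldaptimeout, .tv_usec = 0 };

      lerr = ldap_set_option (ldap_conn, LDAP_OPT_NETWORK_TIMEOUT, &tv);
      if (lerr == LDAP_SUCCESS)
        lerr = ldap_set_option (ldap_conn, LDAP_OPT_TIMEOUT, &tv);
      if (lerr != LDAP_SUCCESS)
        {
          log_error ("ks-ldap: unable to set LDAP timeout to %us: %s\n",
                     opt.ldaptimeout, ldap_err2string (lerr));
          err = ldap_err_to_gpg_err (lerr);
          goto out;
        }
    }
```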
+++ b/doc/dirmngr.texi
@@ -440,7 +440,7 @@ encoded as Latin-1. There is no other solution here than to put such a
 password in the binary encoding into the file (i.e. non-ascii characters won't show up readable).@footnote{The @command{gpgconf} tool might be helpful for frontends as it enables editing this configuration file using
-percent-escaped strings.}jj
+percent-escaped strings.}
 @item --ldapserver @var{spec}
@@ -448,10 +448,12 @@ percent-escaped strings.}jj
 This is an alternative way to specify LDAP servers for CRL and X.509 certificate retrieval. If this option is used the servers configured in @file{dirmngr_ldapservers.conf} (or the file given by
-@option{--ldapserverlist-file}) are cleared. Reloading dirmngr will
-consider these again will in no case use those from
-@file{dirmngr_ldapservers.conf} again. The @var{spec} is either a
-proper LDAP URL or a colon delimited list of the form
+@option{--ldapserverlist-file}) are cleared. Note that
+@file{dirmngr_ldapservers.conf} is not read again by a reload
+signal. However, @option{--ldapserver} options are read again.
+
+@var{spec} is either a proper LDAP URL or a colon delimited list of
+the form
 @sc{hostname:port:username:password:base_dn:flags:} |