From 2c4c00839aeb765f82c10b78771413f6741990ba Mon Sep 17 00:00:00 2001
From: Dominik George <dominik.george@teckids.org>
Date: Fri, 24 Dec 2021 21:15:44 +0100
Subject: [PATCH] Limit LDAP network timeout

---
 CHANGELOG.rst            | 2 ++
 aleksis/core/settings.py | 4 ++++
 2 files changed, 6 insertions(+)

diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 408656047..e7975bfbe 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -24,6 +24,8 @@ Fixed
 * Show all years in a 200 year range around the current year in date pickers
 * Imprint is now called "Imprint" and not "Impress".
 * Logo files weren't uploaded to public namespace.
+* Limit LDAP network timeouts to not hang indefinitely on login if LDAP
+  server is unreachable
 
 Changed
 ~~~~~~~
diff --git a/aleksis/core/settings.py b/aleksis/core/settings.py
index 94971e5c5..4b49ed50c 100644
--- a/aleksis/core/settings.py
+++ b/aleksis/core/settings.py
@@ -405,6 +405,10 @@ if _settings.get("ldap.uri", None):
         PosixGroupType,
     )
 
+    AUTH_LDAP_GLOBAL_OPTIONS = {
+        ldap.OPT_NETWORK_TIMEOUT: _settings.get("ldap.network_timeout", 3),
+    }
+
     # Enable Django's integration to LDAP
     AUTHENTICATION_BACKENDS.append("aleksis.core.util.ldap.LDAPBackend")
 
-- 
GitLab