Use LDAP fallback hosts on connect + bind because with OpenLDAP 2.x ldap_connect() always succeeds but ldap_bind() will fail if host isn't reachable.

Add option for LDAP bind timeout (sets LDAP_OPT_NETWORK_TIMEOUT on PHP > 5.3.0)

config/main.inc.php.dist

@@ -577,6 +577,7 @@ $rcmail_config['ldap_public']['Verisign'] = array(
   'port'          => 389,
   'use_tls'	      => false,
   'ldap_version'  => 3,       // using LDAPv3
+  'network_timeout' => 10,    // The timeout (in seconds) for connect + bind arrempts. This is only supported in PHP >= 5.3.0 with OpenLDAP 2.x
   'user_specific' => false,   // If true the base_dn, bind_dn and bind_pass default to the user's IMAP login.
   // %fu - The full username provided, assumes the username is an email
   //       address, uses the username_domain value if not an email address.

program/lib/Roundcube/rcube_ldap.php

@@ -214,15 +214,16 @@ class rcube_ldap extends rcube_addressbook
         if (empty($this->prop['ldap_version']))
             $this->prop['ldap_version'] = 3;
 
-        foreach ($this->prop['hosts'] as $host)
-        {
+        // try to connect + bind for every host configured
+        // with OpenLDAP 2.x ldap_connect() always succeeds but ldap_bind will fail if host isn't reachable
+        // see http://www.php.net/manual/en/function.ldap-connect.php
+        foreach ($this->prop['hosts'] as $host) {
             $host     = rcube_utils::idn_to_ascii(rcube_utils::parse_host($host));
             $hostname = $host.($this->prop['port'] ? ':'.$this->prop['port'] : '');
 
             $this->_debug("C: Connect [$hostname] [{$this->prop['name']}]");
 
-            if ($lc = @ldap_connect($host, $this->prop['port']))
-            {
+            if ($lc = @ldap_connect($host, $this->prop['port'])) {
                 if ($this->prop['use_tls'] === true)
                     if (!ldap_start_tls($lc))
                         continue;
@@ -233,11 +234,15 @@ class rcube_ldap extends rcube_addressbook
                 $this->prop['host'] = $host;
                 $this->conn = $lc;
 
+                if (!empty($this->prop['network_timeout']))
+                  ldap_set_option($lc, LDAP_OPT_NETWORK_TIMEOUT, $this->prop['network_timeout']);
+
                 if (isset($this->prop['referrals']))
                     ldap_set_option($lc, LDAP_OPT_REFERRALS, $this->prop['referrals']);
-                break;
             }
+            else {
                 $this->_debug("S: NOT OK");
+                continue;
             }
 
             // See if the directory is writeable.
@@ -245,14 +250,6 @@ class rcube_ldap extends rcube_addressbook
                 $this->readonly = false;
             }
 
-        if (!is_resource($this->conn)) {
-            rcube::raise_error(array('code' => 100, 'type' => 'ldap',
-                'file' => __FILE__, 'line' => __LINE__,
-                'message' => "Could not connect to any LDAP server, last tried $hostname"), true);
-
-            return false;
-        }
-
             $bind_pass = $this->prop['bind_pass'];
             $bind_user = $this->prop['bind_user'];
             $bind_dn   = $this->prop['bind_dn'];
@@ -342,6 +339,21 @@ class rcube_ldap extends rcube_addressbook
                 }
             }
 
+            // connection established, we're done here
+            if ($this->ready) {
+                break;
+            }
+
+        }  // end foreach hosts
+
+        if (!is_resource($this->conn)) {
+            rcube::raise_error(array('code' => 100, 'type' => 'ldap',
+                'file' => __FILE__, 'line' => __LINE__,
+                'message' => "Could not connect to any LDAP server, last tried $hostname"), true);
+
+            return false;
+        }
+
         return $this->ready;
     }