Description of problem:

When saslauthd is configured to have two ldap servers, say ldap1
and ldap2, and network connection to ldap1 is down after link
between saslauthd and ldap1 is established, it takes about 15 minutes
for saslauthd to detect the network down and start connecting to ldap2 --
it responds to all the authentication requests with user unknown
in the meanwhile.

Version-Release number of selected component (if applicable):

cyrus-sasl-2.1.22-4 in RHEL5.2

How reproducible:

Always

Steps to Reproduce:
1. set up two ldap servers, say ldap1 and ldap2
   ldap1       ldap2       auth
     |           |          |
   ==============================
2. configure saslauthd on another server as follows:
ldap_servers: ldap://ldap1 ldap://ldap2
ldap_filter: uid=%u
ldap_search_base: ou=people,dc=example,dc=com
ldap_bind_dn: cn=binduser,dc=example,dc=com
ldap_password: ******
3. start saslauthd with "-a ldap" option
4. authenticate some requests
5. unplug ldap1 from the network
6. authenticate some more requests

Actual results:

Authentication attempts fails with user unknown error
for more than 10 minutes.

Expected results:

saslauthd resumes authenticating requests after
"ldap_timeout" seconds.

Additional info:

We've tracked down the problem to the version of OpenLDAP (2.3.27)
that doesn't do setsockopt(SO_KEEPALIVE) nor does it honor
LDAP_OPT_TIMEOUT option in ldap_result().

OpenLDAP 2.4 has fixed these problems, and the fix for SO_KEEPALIVE has
been there since 2.3.28, just one revision ahead of the one in RHEL5,
but we still need a little bit of help from saslauthd,
i.e. ldap_set_option(LDAP_OPT_TIMEOUT).  A patch proposal is attached.