ExternalAuth LDAP timeout

We had a strange problem today - our users authenticate with their AD
accounts. There are two LDAP servers configured. One of the servers was
offline for a time and users could not log in at that time, although most
of the users are from the AD that did work. The logs clearly stated that
the user had successfully authenticated against the first LDAP server,
but tried the other anyway. So the whole process died with a timeout.

Here are some specifics from the apache error log:

[1192] [Wed Apr 6 11:53:17 2016] [info]: RT::Authen::ExternalAuth::LDAP::GetAuth External Auth OK ( LDAP ): username (/opt/rt4/sbin/…/lib/RT/Authen/ExternalAuth/LDAP.pm:348)
[Wed Apr 06 14:53:52.654654 2016] [fcgid:warn] [pid 934:tid 140136953538304] [client] mod_fcgid: read data timeout in 40 seconds, referer: https://
[Wed Apr 06 14:53:52.654835 2016] [core:error] [pid 934:tid 140136953538304] [client] End of script output before headers: rt-server.fcgi, referer: https://

(the difference in time is because rt logs in UTC, not local time zone -
I have not yet tried to figure out why)

There is a lot of data in rt.log because I enabled debug, but it
basically says that there was a successful login in the first LDAP and
then tries to bind to the second.

So the questions are:

  1. Is there an option to enable timeout for LDAP logins?
  2. Why does RT even try to login to the second LDAP, if the first
    succeeds? Why couldn’t I login with root?

I have a single queue that email replies are not showing up in the queue. The emails are reaching the machine and maillog shows it being delivered to the queue, but it never shows up in RT.

Has anyone seen this behavior?

I’m using rt 4.2.5

Apr 6 10:23:59 rt postfix/local[21338]: BF63E2201B3: to=messurier@rt.ztechnet.com, relay=local, delay=0.33, delays=0.04/0/0/0.28, dsn=2.0.0, status=sent (delivered to command: /opt/rt4/bin/rt-mailgate --queue Messurier --action correspond --url http://localhost/)