Index: nslcd/myldap.c
===================================================================
--- nslcd/myldap.c (revision 1483)
+++ nslcd/myldap.c (working copy)
@@ -371,6 +371,46 @@ static int do_sasl_interact(LDAP UNUSED(*ld),unsig
 return rc; \
 }
 
+int set_socket_timeout(int sd, long int sec, long int usec)
+{
+ struct timeval tv;
+ int ret;
+
+ memset(&tv, 0, sizeof(tv));
+ tv.tv_sec = sec;
+ tv.tv_usec = usec;
+
+ ret = setsockopt(sd, SOL_SOCKET, SO_RCVTIMEO, (void *)&tv, sizeof(tv));
+ if (ret)
+ {
+ log_log(LOG_ERR, "set_socket_timeout(SO_RCVTIMEO): %s", strerror(errno));
+ return -1;
+ }
+
+ ret = setsockopt(sd, SOL_SOCKET, SO_SNDTIMEO, (void *)&tv, sizeof(tv));
+ if (ret)
+ {
+ log_log(LOG_ERR, "set_socket_timeout(SO_SNDTIMEO,): %s", strerror(errno));
+ return -1;
+ }
+
+ return 0;
+}
+
+int tls_cb( struct ldap *ld, void *ssl, void *ctx, void *arg )
+{
+ int ret;
+ int sd;
+
+ if (ldap_get_option(ld, LDAP_OPT_DESC, &sd) != LDAP_SUCCESS)
+ {
+ log_log(LOG_ERR,"tls_cb() could not get socket from session");
+ return -1;
+ }
+
+ return set_socket_timeout(sd, 1, 0); // FIXME hardcoded
+}
+
 /* This function performs the authentication phase of opening a connection.
 The binddn and bindpw parameters may be used to override the authentication
 mechanism defined in the configuration. This returns an LDAP result
@@ -383,6 +423,11 @@ static int do_bind(LDAP *ld,const char *binddn,con
 struct berval cred;
 #endif /* not HAVE_SASL_INTERACT_T */
 #endif /* HAVE_LDAP_SASL_INTERACTIVE_BIND_S */
+
+ rc = ldap_set_option(ld, LDAP_OPT_X_TLS_CONNECT_CB, tls_cb);
+ if (rc)
+ log_log(LOG_WARNING, "ldap_set_option(LDAP_OPT_X_TLS_CONNECT_CB) returned error: %d", rc);
+
 #ifdef LDAP_OPT_X_TLS
 /* check if StartTLS is requested */
 if (nslcd_cfg->ldc_ssl_on==SSL_START_TLS)
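Review bot: The receive and send timeouts that tls_cb installs through set_socket_timeout are socket options, so the hardcoded one second stays in force after the TLS handshake and would apply to every later read and write on this connection unless code outside this hunk resets it; a slow search could then fail where it used to wait. The value marked `// FIXME hardcoded` should come from a configured time limit, and the socket should get its previous timeouts back once the handshake is done. As far as I know OpenLDAP declares the connect callback as returning void, so the `return -1` paths in tls_cb are probably never seen by the library, and a failed setsockopt would leave the handshake unbounded with only a log line to show for it. Smaller points: `int ret;` in tls_cb is unused, the stray comma in `"set_socket_timeout(SO_SNDTIMEO,): %s"` should go, and both helpers should be `static` since the diff shows them used only in this file.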
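Review bot: The new `ldap_set_option(ld, LDAP_OPT_X_TLS_CONNECT_CB, tls_cb)` call sits above the `#ifdef LDAP_OPT_X_TLS` guard, so it is compiled and run even against a library without TLS options, where the constant would be undefined and the build would fail. Moving it inside the guard, or under its own `#ifdef LDAP_OPT_X_TLS_CONNECT_CB`, keeps non-TLS builds working. When the call fails only a warning is logged and the bind continues without the handshake timeout, which deserves a comment such as `/* best effort: without the callback a stalled TLS handshake can block this worker */`. do_bind starts and ends outside this hunk, so whether `rc` is declared before this point cannot be checked here.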