diff --git a/src/mod_authn_ldap.c b/src/mod_authn_ldap.c
index b4d482b7..a7fc9c86 100644
--- a/src/mod_authn_ldap.c
+++ b/src/mod_authn_ldap.c
@@ -25,6 +25,7 @@ typedef struct {
 const char *auth_ldap_bindpw;
 const char *auth_ldap_cafile;
 int auth_ldap_starttls;
+ struct timeval auth_ldap_timeout;
 } plugin_config_ldap;
 typedef struct {
@@ -117,6 +118,11 @@ static void mod_authn_ldap_merge_config_cpv(plugin_config * const pconf, const c
 case 8: /* auth.backend.ldap.groupmember */
 pconf->auth_ldap_groupmember = cpv->v.b;
 break;
+ case 9: /* auth.backend.ldap.timeout */
+ /*(not implemented as any-scope override; * supported in same scope as auth.backend.ldap.hostname)*/
+ /*pconf->auth_ldap_timeout = cpv->v.b;*/
+ break;
 default:/* should not happen */
 return;
 }
@@ -199,6 +205,9 @@ SETDEFAULTS_FUNC(mod_authn_ldap_set_defaults) {
 ,{ CONST_STR_LEN("auth.backend.ldap.groupmember"), T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }
+ ,{ CONST_STR_LEN("auth.backend.ldap.timeout"),
+ T_CONFIG_STRING,
+ T_CONFIG_SCOPE_CONNECTION }
 ,{ NULL, 0, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET }
@@ -215,6 +224,7 @@ SETDEFAULTS_FUNC(mod_authn_ldap_set_defaults) {
 plugin_config_ldap *ldc = NULL;
 char *binddn = NULL, *bindpw = NULL, *cafile = NULL;
 int starttls = 0;
+ long timeout = 2000000; /* set 2 sec default timeout (not infinite) */
 for (; -1 != cpv->k_id; ++cpv) {
 switch (cpv->k_id) {
 case 0: /* auth.backend.ldap.hostname */
@@ -285,6 +295,9 @@ SETDEFAULTS_FUNC(mod_authn_ldap_set_defaults) {
 case 7: /* auth.backend.ldap.allow-empty-pw */
 case 8: /* auth.backend.ldap.groupmember */
 break;
+ case 9: /* auth.backend.ldap.timeout */
+ timeout = strtol(cpv->v.b->ptr, NULL, 10);
+ break;
 default:/* should not happen */
 break;
 }
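Review bot: The comment on `long timeout = 2000000; /* set 2 sec default timeout (not infinite) */` is the only place the unit of the new `auth.backend.ldap.timeout` option is conveyed, and only by implication; the value is later split into tv_sec/tv_usec by dividing by 1000000, so the option is in microseconds, which neither the option table in the hunk above nor this declaration says. Suggest `long timeout = 2000000; /* auth.backend.ldap.timeout in microseconds; default 2 sec (not infinite) */`, and the same wording on the matching `long timeout = 2000000;` in mod_vhostdb_ldap.c's mod_vhostdb_dbconf_setup. mod_authn_ldap_set_defaults continues outside the hunk.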
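Review bot: `timeout = strtol(cpv->v.b->ptr, NULL, 10);` accepts any string: a non-numeric value silently becomes 0, trailing garbage is ignored, an out-of-range value saturates with ERANGE unreported, and a negative value yields a negative tv_sec and (with C's truncating `%`) a negative tv_usec once it is split into the timeval, which is not a meaningful timeout to hand to ldap_set_option. Because this timeout is what bounds how long request handling can wait on an unresponsive LDAP server, a misconfigured value should be rejected at startup rather than quietly turned into something else. Suggest `char *end; errno = 0; timeout = strtol(cpv->v.b->ptr, &end, 10);` followed by `if (end == cpv->v.b->ptr || *end != '\0' || errno == ERANGE || timeout < 0) { /* report the bad value and take the function's error return */ }`. The same unchecked parse appears in mod_vhostdb_ldap.c at `timeout = strtol(ds->value.ptr, NULL, 10);`. If an empty config value can leave the buffer's ptr NULL, strtol on it is undefined, so a NULL/length check belongs ahead of the parse too; verify against the buffer API.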
@@ -295,6 +308,8 @@ SETDEFAULTS_FUNC(mod_authn_ldap_set_defaults) {
 ldc->auth_ldap_bindpw = bindpw;
 ldc->auth_ldap_cafile = cafile;
 ldc->auth_ldap_starttls = starttls;
+ ldc->auth_ldap_timeout.tv_sec = timeout / 1000000;
+ ldc->auth_ldap_timeout.tv_usec = timeout % 1000000;
 }
 }
@@ -480,6 +495,14 @@ static LDAP * mod_authn_ldap_host_init(log_error_st *errh, plugin_config_ldap *s
 /* restart ldap functions if interrupted by a signal, e.g. SIGCHLD */
 ldap_set_option(ld, LDAP_OPT_RESTART, LDAP_OPT_ON);
+ #ifdef LDAP_OPT_NETWORK_TIMEOUT /* OpenLDAP-specific */
+ ldap_set_option(ld, LDAP_OPT_NETWORK_TIMEOUT, &s->auth_ldap_timeout);
+ #endif
+
+ #ifdef LDAP_OPT_TIMEOUT /* OpenLDAP-specific; OpenLDAP 2.4+ */
+ ldap_set_option(ld, LDAP_OPT_TIMEOUT, &s->auth_ldap_timeout);
+ #endif
+
 if (s->auth_ldap_starttls) {
 /* if no CA file is given, it is ok, as we will use encryption * if the server requires a CAfile it will tell us */
@@ -732,6 +755,7 @@ static handler_t mod_authn_ldap_basic(request_st * const r, void *p_d, const htt
 ldc_custom.auth_ldap_binddn = p->conf.auth_ldap_binddn;
 ldc_custom.auth_ldap_bindpw = p->conf.auth_ldap_bindpw;
 ldc_custom.auth_ldap_cafile = p->conf.auth_ldap_cafile;
+ ldc_custom.auth_ldap_timeout= ldc_base->auth_ldap_timeout;
 p->conf.ldc = &ldc_custom;
 }
diff --git a/src/mod_vhostdb_ldap.c b/src/mod_vhostdb_ldap.c
index b33d3374..8128ed42 100644
--- a/src/mod_vhostdb_ldap.c
+++ b/src/mod_vhostdb_ldap.c
@@ -32,6 +32,7 @@ typedef struct {
 const char *bindpw;
 const char *cafile;
 unsigned short starttls;
+ struct timeval timeout;
 } vhostdb_config;
 typedef struct {
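Review bot: The new `ldap_set_option(ld, LDAP_OPT_NETWORK_TIMEOUT, &s->auth_ldap_timeout);` and `ldap_set_option(ld, LDAP_OPT_TIMEOUT, &s->auth_ldap_timeout);` discard their return value, so if the library rejects the timeval (for instance the negative one an unvalidated config value can produce) the handle silently keeps whatever timeout it had, presumably the library default, and the bound this commit is adding is lost without a trace. The existing LDAP_OPT_RESTART call is unchecked too, but a lost restart flag is harmless whereas a lost timeout lets an unresponsive server stall request handling. `errh` is a parameter of mod_authn_ldap_host_init, so suggest `if (LDAP_OPT_SUCCESS != ldap_set_option(ld, LDAP_OPT_NETWORK_TIMEOUT, &s->auth_ldap_timeout)) { /* report "ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT) failed" through errh */ }` and the same for LDAP_OPT_TIMEOUT, and for the identical pair in mod_vhostdb_ldap.c's mod_authn_ldap_host_init. mod_authn_ldap_host_init continues outside the hunk.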
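Review bot: `ldc_custom.auth_ldap_timeout= ldc_base->auth_ldap_timeout;` lacks the space before `=` that the three assignments above it have; suggest `ldc_custom.auth_ldap_timeout = ldc_base->auth_ldap_timeout;`. It also reads from `ldc_base` while the neighbouring fields come from `p->conf`, which is consistent with the merge-config comment in this commit saying the timeout is not a per-scope override, but nothing at this line says so; a comment such as `/* timeout is not overridable per scope; take it from the base config */` would stop a later reader from "fixing" it to `p->conf`. mod_authn_ldap_basic continues outside the hunk.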
@@ -91,6 +92,7 @@ static int mod_vhostdb_dbconf_setup (server *srv, const array *opts, void **vdat
 const char *attr = "documentRoot";
 const char *basedn=NULL,*binddn=NULL,*bindpw=NULL,*host=NULL,*cafile=NULL;
 unsigned short starttls = 0;
+ long timeout = 2000000; /* set 2 sec default timeout (instead of infinite) */
 for (size_t i = 0; i < opts->used; ++i) {
 data_string *ds = (data_string *)opts->data[i];
@@ -113,6 +115,8 @@ static int mod_vhostdb_dbconf_setup (server *srv, const array *opts, void **vdat
 } else if (buffer_is_equal_caseless_string(&ds->key, CONST_STR_LEN("starttls"))) {
 starttls = !buffer_is_equal_string(&ds->value, CONST_STR_LEN("disable")) && !buffer_is_equal_string(&ds->value, CONST_STR_LEN("0"));
+ } else if (buffer_is_equal_caseless_string(&ds->key, CONST_STR_LEN("timeout"))) {
+ timeout = strtol(ds->value.ptr, NULL, 10);
 }
 }
 }
@@ -153,6 +157,8 @@ static int mod_vhostdb_dbconf_setup (server *srv, const array *opts, void **vdat
 dbconf->bindpw = bindpw;
 dbconf->cafile = cafile;
 dbconf->starttls = starttls;
+ dbconf->timeout.tv_sec = timeout / 1000000;
+ dbconf->timeout.tv_usec = timeout % 1000000;
 *vdata = dbconf;
 }
@@ -265,6 +271,14 @@ static LDAP * mod_authn_ldap_host_init(log_error_st *errh, vhostdb_config *s) {
 /* restart ldap functions if interrupted by a signal, e.g. SIGCHLD */
 ldap_set_option(ld, LDAP_OPT_RESTART, LDAP_OPT_ON);
+ #ifdef LDAP_OPT_NETWORK_TIMEOUT /* OpenLDAP-specific */
+ ldap_set_option(ld, LDAP_OPT_NETWORK_TIMEOUT, &s->timeout);
+ #endif
+
+ #ifdef LDAP_OPT_TIMEOUT /* OpenLDAP-specific; OpenLDAP 2.4+ */
+ ldap_set_option(ld, LDAP_OPT_TIMEOUT, &s->timeout);
+ #endif
+
 if (s->starttls) {
 /* if no CA file is given, it is ok, as we will use encryption * if the server requires a CAfile it will tell us */