diff --git a/CHANGES b/CHANGES
index 94c580e87bc596916467a4682b98e05f79579ee7..888dc5f39a8686f0bcca25618f1cc7bc212e717e 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,8 +1,10 @@
 OpenLDAP 2.4 Change Log
 
 OpenLDAP 2.4.19 Engineering
+	Fixed client tools with null timeouts (ITS#6282)
 	Fixed slapadd to warn about missing attrs for replicas (ITS#6281)
 	Fixed slapd tools to allow -n for conversion (ITS#6258)
+	Fixed slapd-ldap with null timeouts (ITS#6282)
 	Fixed slapd-ldif buffer overflow (ITS#6303)
 	Fixed slapo-auditlog comments when modifying (ITS#6286)
 	Fixed slapo-dynlist lock leak (ITS#6308)
diff --git a/clients/tools/common.c b/clients/tools/common.c
index 3ba0e375e7fd144fe1941bb4155a5acf22f2216f..8cbb480eb3561aba19715ed6907007bdd233689e 100644
--- a/clients/tools/common.c
+++ b/clients/tools/common.c
@@ -1420,11 +1420,17 @@ tool_bind( LDAP *ld )
 			}
 		}
 
-		if ( ldap_result( ld, msgid, LDAP_MSG_ALL, NULL, &result ) == -1 ) {
+		rc = ldap_result( ld, msgid, LDAP_MSG_ALL, NULL, &result );
+		if ( rc == -1 ) {
 			tool_perror( "ldap_result", -1, NULL, NULL, NULL, NULL );
 			exit( LDAP_LOCAL_ERROR );
 		}
 
+		if ( rc == 0 ) {
+			tool_perror( "ldap_result", LDAP_TIMEOUT, NULL, NULL, NULL, NULL );
+			exit( LDAP_LOCAL_ERROR );
+		}
+
 		rc = ldap_parse_result( ld, result, &err, &matched, &info, &refs,
 			&ctrls, 1 );
 		if ( rc != LDAP_SUCCESS ) {
diff --git a/servers/slapd/back-ldap/config.c b/servers/slapd/back-ldap/config.c
index a725eec162b53120d4a4a16a56a852ee557af059..5bde983dd501369ef4c0e9bd3d71e7488d9ec291 100644
--- a/servers/slapd/back-ldap/config.c
+++ b/servers/slapd/back-ldap/config.c
@@ -2086,7 +2086,10 @@ ldap_back_exop_whoami(
 retry:
 		rs->sr_err = ldap_whoami( lc->lc_ld, ctrls, NULL, &msgid );
 		if ( rs->sr_err == LDAP_SUCCESS ) {
-			if ( ldap_result( lc->lc_ld, msgid, LDAP_MSG_ALL, NULL, &res ) == -1 ) {
+			/* by now, make sure no timeout is used (ITS#6282) */
+			struct timeval tv;
+			tv.tv_sec = -1;
+			if ( ldap_result( lc->lc_ld, msgid, LDAP_MSG_ALL, &tv, &res ) == -1 ) {
 				ldap_get_option( lc->lc_ld, LDAP_OPT_ERROR_NUMBER,
 					&rs->sr_err );
 				if ( rs->sr_err == LDAP_SERVER_DOWN && doretry ) {
diff --git a/servers/slapd/back-ldap/extended.c b/servers/slapd/back-ldap/extended.c
index 2befcd5f1163a4118f5ca74857b15de35eee3970..88a5174ea451fb5d8880abbdb38e71313a2024e4 100644
--- a/servers/slapd/back-ldap/extended.c
+++ b/servers/slapd/back-ldap/extended.c
@@ -190,7 +190,10 @@ retry:
 
 	if ( rc == LDAP_SUCCESS ) {
 		/* TODO: set timeout? */
-		if ( ldap_result( lc->lc_ld, msgid, LDAP_MSG_ALL, NULL, &res ) == -1 ) {
+		/* by now, make sure no timeout is used (ITS#6282) */
+		struct timeval tv;
+		tv.tv_sec = -1;
+		if ( ldap_result( lc->lc_ld, msgid, LDAP_MSG_ALL, &tv, &res ) == -1 ) {
 			ldap_get_option( lc->lc_ld, LDAP_OPT_ERROR_NUMBER, &rc );
 			rs->sr_err = rc;
 
@@ -316,7 +319,10 @@ retry:
 
 	if ( rc == LDAP_SUCCESS ) {
 		/* TODO: set timeout? */
-		if ( ldap_result( lc->lc_ld, msgid, LDAP_MSG_ALL, NULL, &res ) == -1 ) {
+		/* by now, make sure no timeout is used (ITS#6282) */
+		struct timeval tv;
+		tv.tv_sec = -1;
+		if ( ldap_result( lc->lc_ld, msgid, LDAP_MSG_ALL, &tv, &res ) == -1 ) {
 			ldap_get_option( lc->lc_ld, LDAP_OPT_ERROR_NUMBER, &rc );
 			rs->sr_err = rc;