[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#4440) Feature Request: Addition to the 'limits' command, 'idle' that allows you to override the default idletimeout

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#4440) Feature Request: Addition to the 'limits' command, 'idle' that allows you to override the default idletimeout
From: ando@sys-net.it
Date: Mon, 20 Mar 2006 14:48:03 GMT

> Full_Name: Quanah Gibson-Mount
> Version: NA
> OS: NA
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (171.66.155.86)
>
>
> A lot of the slapd.conf limitation settings allow you to override them
> using the
> "limits" command.
>
> For example, I can allow particular dn's or groups to have an unlimited
> sizelimit even if my default sizelimit is 500, or they can have unlimited
> time
> to perform searches.  However, there does not seem to be a way to override
> the
> idletimeout setting for particular dns/groups.
>
> Having this capability would be very useful (I want to allow some
> particular
> clients to have persistent connections without having to rebind every 30
> seconds).

Something like

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
diff -u -r1.350 connection.c
--- servers/slapd/connection.c  8 Mar 2006 04:54:10 -0000       1.350
+++ servers/slapd/connection.c  20 Mar 2006 14:38:30 -0000
@@ -401,13 +401,27 @@
                c != NULL;
                c = connection_next( c, &connindex ) )
        {
+               int     idletimeout = global_idletimeout;
+
                /* Don't timeout a slow-running request or a persistent
                 * outbound connection */
                if( c->c_n_ops_executing || c->c_conn_state ==
SLAP_C_CLIENT ) {
                        continue;
                }

-               if( difftime( c->c_activitytime+global_idletimeout, now) <
0 ) {
+#ifdef SLAP_LIMITS_IDLE
+               {
+                       struct slap_limits_set  *l;
+
+                       /* FIXME: limits_get() needs non-null op;
+                        * slap_limits_set has no lms_idletimeout
+                        * member yet */
+                       limits_get( NULL, &c->c_ndn, &l );
+                       timeout = l->lms_idletimeout;
+               }
+#endif /* SLAP_LIMITS_IDLE */
+
+               if ( difftime( c->c_activitytime + idletimeout, now ) < 0 ) {
                        /* close it */
                        connection_closing( c, "idletimeout" );
                        connection_close( c );
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

... plus lots of stuff to have a working Operation * structure passed to
limits_get, so that groups and other means to collect limits based on
internal operations work.  I note that connections have no notion of a
backend serving them; it might be appropriate to consider the authorizing
backend since the limit is based on the DN of the connection.

I wonder if it's worth the effort, though.

>
> I envision something like:
>
> limits dn.exact="cn=blah,dc=stanford,dc=edu" time.soft=unlimited
> time.hard=unlimited size.soft=unlimited size.hard=unlimited
> idle.soft=unlimited
> idle.hard=unlimited
>
> (if it makes sense to have both a hard and soft limit on idle)

It doesn't seem to make much sense to me.

p.



Ing. Pierangelo Masarati
Responsabile Open Solution
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office:   +39.02.23998309          
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it
------------------------------------------

Prev by Date: Re: (ITS#4427) ldapsearch hangs on slapd (proxycache) with no URI
Next by Date: Re: (ITS#4435) Error installing OpenLDAP during make
Index(es):
- Chronological
- Thread