[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#4440) Feature Request: Addition to the 'limits' command, 'idle' that allows you to override the default idletimeout
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#4440) Feature Request: Addition to the 'limits' command, 'idle' that allows you to override the default idletimeout
- From: ando@sys-net.it
- Date: Mon, 20 Mar 2006 14:48:03 GMT
> Full_Name: Quanah Gibson-Mount
> Version: NA
> OS: NA
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (171.66.155.86)
>
>
> A lot of the slapd.conf limitation settings allow you to override them
> using the
> "limits" command.
>
> For example, I can allow particular dn's or groups to have an unlimited
> sizelimit even if my default sizelimit is 500, or they can have unlimited
> time
> to perform searches. However, there does not seem to be a way to override
> the
> idletimeout setting for particular dns/groups.
>
> Having this capability would be very useful (I want to allow some
> particular
> clients to have persistent connections without having to rebind every 30
> seconds).
Something like
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
diff -u -r1.350 connection.c
--- servers/slapd/connection.c 8 Mar 2006 04:54:10 -0000 1.350
+++ servers/slapd/connection.c 20 Mar 2006 14:38:30 -0000
@@ -401,13 +401,27 @@
c != NULL;
c = connection_next( c, &connindex ) )
{
+ int idletimeout = global_idletimeout;
+
/* Don't timeout a slow-running request or a persistent
* outbound connection */
if( c->c_n_ops_executing || c->c_conn_state ==
SLAP_C_CLIENT ) {
continue;
}
- if( difftime( c->c_activitytime+global_idletimeout, now) <
0 ) {
+#ifdef SLAP_LIMITS_IDLE
+ {
+ struct slap_limits_set *l;
+
+ /* FIXME: limits_get() needs non-null op;
+ * slap_limits_set has no lms_idletimeout
+ * member yet */
+ limits_get( NULL, &c->c_ndn, &l );
+ timeout = l->lms_idletimeout;
+ }
+#endif /* SLAP_LIMITS_IDLE */
+
+ if ( difftime( c->c_activitytime + idletimeout, now ) < 0 ) {
/* close it */
connection_closing( c, "idletimeout" );
connection_close( c );
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
... plus lots of stuff to have a working Operation * structure passed to
limits_get, so that groups and other means to collect limits based on
internal operations work. I note that connections have no notion of a
backend serving them; it might be appropriate to consider the authorizing
backend since the limit is based on the DN of the connection.
I wonder if it's worth the effort, though.
>
> I envision something like:
>
> limits dn.exact="cn=blah,dc=stanford,dc=edu" time.soft=unlimited
> time.hard=unlimited size.soft=unlimited size.hard=unlimited
> idle.soft=unlimited
> idle.hard=unlimited
>
> (if it makes sense to have both a hard and soft limit on idle)
It doesn't seem to make much sense to me.
p.
Ing. Pierangelo Masarati
Responsabile Open Solution
OpenLDAP Core Team
SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office: +39.02.23998309
Mobile: +39.333.4963172
Email: pierangelo.masarati@sys-net.it
------------------------------------------