RE: Centralized LDAP Authentication or Kerberos+LDAP Authentication

["Matthew Hardin" <mhardin@symas.com>]

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org [mailto:owner-openldap-
> software@OpenLDAP.org] On Behalf Of Rich Graves
> Sent: Sunday, August 22, 2004 4:35 PM
> To: openldap-software@OpenLDAP.org
> Subject: Re: Centralized LDAP Authentication or Kerberos+LDAP
> Authentication
> 
> On Mon, 23 Aug 2004, Tony Earnshaw wrote:
> 
> > > Your init script, like redhat's, stops the server with kill -9.
> >
> > RedHat's init procedure does *not*, unless something's seriously wrong
> > with the proggie's init procedure.
> >
> > Please read RedHat's /etc/rc.d/init.d/functions yet again and look for
> > the function 'killproc'.
> 
> Yes. Upon rereading, it's not as bad as I thought, but still has a
> potential problem.
> 
> It allows 5 seconds for TERM to work and then runs KILL.

No, there's a problem there. Five seconds is _way_ too short. Consider that
the Berkeley DB has to flush all of the unwritten transactions to disk, and
that can take a while. The shutdown scripts we ship all give slapd 30
seconds to complete its shutdown and we recommend 60 seconds or more for
busy/large databases.

Matthew Hardin
Symas Corporation
Packaged, certified, and supported LDAP distributions
powered by OpenLDAP: http://www.symas.com