[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#4387) slapd-ldap backend leaks descriptors on closed connections on x86_64

I've investigated this issue a little bit more.  An unusual growth in
the number of cached connections seems to occur when the client uses the
same connection to repeatedly bind with different identities.  In that
case, each time a new identity binds on the same connection, a new
connection between the proxy and the remote server is created.  This
partially makes sense, from the proxy's point of view, because after a
successful bind that client->proxy connection assumes the new identity,
so a new proxy->remote connection needs be created.  However, a side
effect of this operation sequence is that the client->proxy connection
can no longer act with the old identity, so it should be treated as if a
connection_destroy() was requested.  We could take different behaviors
in this case to prevent an excessive resource use; one that sounds
reasonable to me consists in adding a task that routinely shuts down the
idle connections (much like the client->server "idletimeout") instead of
waiting that a connection is used to check if it timed out.  Let me
point out that in my opinion reusing a bound connection to rebind with a
different identity sounds like a poor client design.


Ing. Pierangelo Masarati
Responsabile Open Solution
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
Office:   +39.02.23998309          
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it