[Date Prev][Date Next]
Re: (ITS#4387) slapd-ldap backend leaks descriptors on closed connections on x86_64
> I've investigated this issue a little bit more. An unusual growth in
> the number of cached connections seems to occur when the client uses the
> same connection to repeatedly bind with different identities.
That's right, the Courier authdaemon uses a single connectioncheck the
password validity of users - it does this by performing bind
operations on this connection.
> point out that in my opinion reusing a bound connection to rebind with a
>different identity sounds like a poor client design.
In my opinion it's a very good design in the given case - the role ot
Courier's authdaemon (among other roles, e.g. account lookup) is to
check validity of user credentials.
It does multiple credential checks on a single LDAP connection to
conserve resources - to test a password, it doesn't need to open a new
LDAP connection every time and then close it .
This is a good design from the performance perspective, and I'd
speculate that LDAP protocol permits multiple bind operations per
connection because its designers have foreseen this usage scenario
(LDAP was designed as a network authentication protocol, among other
Jabber JID: firstname.lastname@example.org
ICQ UIN: 19780575