
Re: (ITS#4387) slapd-ldap backend leaks descriptors on closed connections on x86_64

On 2/5/06, Howard Chu <hyc@symas.com> wrote:
> Explicit binds to the back-ldap database always use a new connection.
> But if you Bind to a user in some other local database and then use that
> identity when searching back-ldap, then a connection for that identity
> will be cached. This behavior is already described in the 2nd paragraph
> of the slapd-ldap(5) manpage. You should rework your configuration if
> you want to take full advantage of the connection caching.

Understood. Still, it doesn't justify slapd-ldap leaking unused
connections to the target server.

And I think that theoretically, connection caching would be possible
even with explicit binds to back-ldap.
It would require some sort of an associative array (a mapping similar
to: (bound identity) --> (connection)), with associations being
changed upon each bind operation for each connection.
A bind operation on the proxy's side would check whether a connection to
the target server exists for the given bound identity and operation's base
DN, and if such a connection exists, it would use it, otherwise it
would open a new one.
Idle connections would be closed after some time (BTW, the
slapd-ldap's idle-timeout configuration parameter that's responsible
for this could use some reasonable default value instead of the
current "no limit", which makes little sense and is dangerous as I've
discovered myself).

I understand that implementing such connection caching logic would
require a lot of work and analysing lots of edge cases - I just think
this is a good idea for the future.

Best Regards,
    Aleksander Adamowski
        Jabber JID: olo@jabber.altkom.pl
        GG#: 274614
        ICQ UIN: 19780575
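
The mapping proposed in the message above, (bound identity, base DN) --> (connection) with idle expiry, sketched as an added example; it is not code from the original post or from OpenLDAP. All names (`cache_get`, `cache_expire`, `MAX_CONNS`) are hypothetical, connections are modelled as integer handles, and DNs are assumed to be already normalized.

```c
#include <stdio.h>
#include <string.h>

#define MAX_CONNS 8                 /* hard cap: the cache can never exhaust descriptors */
struct cached_conn {
    char dn[128], base[128];        /* key: bound identity + base DN (assumed normalized) */
    int  handle, live;              /* handle stands in for the socket to the target */
    long last_used;                 /* seconds, supplied by the caller */
};
static struct cached_conn cache[MAX_CONNS];
static int next_handle = 100, open_count = 0;
/* Close every connection idle for longer than idle_timeout; returns how many. */
int cache_expire(long now, long idle_timeout) {
    int closed = 0;
    for (int i = 0; i < MAX_CONNS; i++)
        if (cache[i].live && now - cache[i].last_used > idle_timeout) {
            cache[i].live = 0;      /* real code would close() the socket here */
            open_count--; closed++;
        }
    return closed;
}

/* Return the handle for (dn, base), reusing a cached one or opening a new one.
 * Assumes the caller has already verified dn's credentials; a cache hit must
 * never replace that check. Returns -1 if the table is full or a key is too long. */
int cache_get(const char *dn, const char *base, long now) {
    int free_slot = -1;
    if (strlen(dn) >= sizeof cache[0].dn || strlen(base) >= sizeof cache[0].base)
        return -1;                  /* never truncate: two DNs could collide */
    for (int i = 0; i < MAX_CONNS; i++) {
        if (!cache[i].live) { if (free_slot < 0) free_slot = i; continue; }
        if (!strcmp(cache[i].dn, dn) && !strcmp(cache[i].base, base)) {
            cache[i].last_used = now;
            return cache[i].handle;
        }
    }
    if (free_slot < 0) return -1;
    struct cached_conn *c = &cache[free_slot];
    strcpy(c->dn, dn); strcpy(c->base, base);   /* lengths checked above */
    c->handle = next_handle++; c->last_used = now; c->live = 1; open_count++;
    return c->handle;
}
int cache_open_count(void) { return open_count; }

int main(void) {                    /* constructed identity and timestamps */
    int a = cache_get("cn=alice,dc=example,dc=com", "dc=example,dc=com", 1000);
    printf("reused: %d\n", cache_get("cn=alice,dc=example,dc=com", "dc=example,dc=com", 1200) == a);
    return 0;
}
```

With a finite `idle_timeout` and a fixed table size, the number of descriptors held open toward the target server is bounded regardless of how many client connections come and go.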