[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#4420) Hanging CLOSE_WAIT connections in ldap-backend

ando@sys-net.it wrote:
> I have no clear idea as per why this happens; back-ldap refreshes
> connections when a LDAP_SERVER_DOWN is returned; the fact that your logs
> report a LDAP_UNAVAILABLE (52), which is exactly the ldap response code
> mapping of the client library error LDAP_SERVER_DOWN, seems to indicate
> that the error is detected correctly, but connection refresh for some
> reason doesn't occur.  I note that the correct handling of these
> conditions, as far as they can be reproduced, is routinely tested
> (partly in the test suite, partly in a private test suite that we
> routinely run at SysNet), so I'm positive the software is working as
> intended.

I believe the code now in back-ldap is broken. If you do a "grep 
do_retry" in the back-ldap source you'll note that some of the modules 
are testing for LDAP_UNAVAILABLE and some are testing for 
LDAP_SERVER_DOWN. This inconsistency points to another logic problem - 
the LDAP_UNAVAILABLE code should only be present after mapping has 
occurred, but the retry needs to be invoked before mapping. Note that 
ldap_back_op_result will send a result code to the client, so even if 
back-ldap actually retries the operation, the client will have already 
gone away.

  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  OpenLDAP Core Team            http://www.openldap.org/project/