[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#8142) back-ldap transparent reconnecting is not so transparent

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#8142) back-ldap transparent reconnecting is not so transparent
From: hyc@symas.com
Date: Thu, 21 May 2015 00:23:02 +0000
Auto-submitted: auto-generated (OpenLDAP-ITS)

hyc@symas.com wrote:
> ebackes@symas.com wrote:
>> Full_Name: Emily Backes
>> Version: 2.4
>> OS:
>> URL:
>> Submission from: (NULL) (50.113.67.84)
>>
>>
>> Currently, back-ldap stores credentials in the outbound connection
>> structure.  When that disappears, e.g. from idle-timeout, conn-ttl,
>> network lossage, AD trouble, etc., the connection becomes unbound and
>> AD returns err=1 (Operations error), which isn't enougfofor back-ldap
>> to treat it as LDAP_UNAVAILABLE.
>>
>> Howard reports this is working-as-designed, even if the design is bad.
>> Several ITS filings are still open about this problem; 5110, 6571, and
>> 7464 are all related.

#5110 looks unrelated actually.

>> At a minimum, we should drop the client connection if we can't keep
>> the session stable.
>
> This is not as simple as it sounds. In particular, back-ldap may be part of a
> larger glued tree of backends. A failure to search in the back-ldap context
> should not prevent the rest of the glued tree from being searched, and it
> should not drop the client connection.
>
Fixed now in master.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

Prev by Date: Re: (ITS#8129) ignored config variable autocommit for back-sql
Next by Date: (ITS#8151) test062 sporadically seg faults
Index(es):
- Chronological
- Thread