
connection pooling in back-ldap?

I'd like to be able to collapse several incoming LDAP connections into a single proxy connection (or a small pool of proxy connections) with back-ldap. I noticed that this doesn't seem to be possible with the current back-ldap implementation, but was wondering if it's possibly being considered as an enhancement?

Here's the scenario, to better explain what I'm looking to do. I'm working with postfix, which is pretty greedy with opening up LDAP connections. Each instance of a postfix SMTP process can have several connections open to the specified LDAP server. In reality, all of these connections perform extremely trivial searches (filter is something like mail=foo@host.com, retrieving a mailRoutingAddress type attribute). I'd like to shield my real LDAP servers from receiving all of the direct connections from the individual postfix processes. So, I was looking to point postfix to, say, localhost:3890, which would be an openldap proxy running back-ldap. And then the back-ldap would proxy to ldap.corp.com on the back end.

Here's a rough sketch:

postfix conn=1, op=1 : filter=(mail=abc@host.com)
postfix conn=2, op=1 : filter=(mail=def@host.com)
postfix conn=3, op=1 : filter=(mail=ghi@host.com)

These connections are made to the back-ldap proxy by postfix. The back-ldap proxy should turn this into the following (in the case of a single pooled connection):

proxy conn=1, op=1 : filter=(mail=abc@host.com)
proxy conn=1, op=2 : filter=(mail=def@host.com)
proxy conn=1, op=3 : filter=(mail=ghi@host.com)

Is something like this possible? Any interest in adding it to the back-ldap functionality? I know I could probably hack my own with back-perl or somesuch, but it'd be nice to have this feature :-)
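
The mapping in the sketch above, as an added example that is not part of the original post and is not OpenLDAP code: a small model of the bookkeeping a pooling proxy needs so that each backend result returns to the client operation that asked for it. The class and method names are hypothetical, and it assumes every client uses the same bind identity (for example anonymous), because all operations on a shared connection are authorized as that connection's bound identity.

```python
# Added illustration (not OpenLDAP code): all names here are hypothetical.
from dataclasses import dataclass, field


@dataclass
class UpstreamConn:
    conn_id: int
    next_op: int = 1
    # proxy op -> (client conn, client op) for operations still in flight
    pending: dict = field(default_factory=dict)


class PoolingProxy:
    def __init__(self, pool_size=1):
        self.pool = [UpstreamConn(i + 1) for i in range(pool_size)]

    def forward(self, client_conn, client_op):
        """Assign a client operation to a pooled connection.

        Returns (proxy conn, proxy op), the pair shown in the sketch."""
        up = min(self.pool, key=lambda c: len(c.pending))  # least busy
        op = up.next_op
        up.next_op += 1
        up.pending[op] = (client_conn, client_op)
        return up.conn_id, op

    def on_result(self, proxy_conn, proxy_op):
        """Map a backend result to the client operation that caused it.

        Results may arrive in any order; an unknown op is rejected rather
        than guessed, so one client never receives another's answer."""
        up = self.pool[proxy_conn - 1]
        if proxy_op not in up.pending:
            raise LookupError("no in-flight operation for this result")
        return up.pending.pop(proxy_op)

    def drop_client(self, client_conn):
        """Client disconnected: forget its in-flight operations and return
        the (proxy conn, proxy op) pairs that should be abandoned upstream."""
        stale = [(up.conn_id, op) for up in self.pool
                 for op, (conn, _) in up.pending.items() if conn == client_conn]
        for conn_id, op in stale:
            del self.pool[conn_id - 1].pending[op]
        return stale
```

With pool_size=1 the three client operations from the sketch become ops 1, 2 and 3 on proxy connection 1; a larger pool spreads them over the least busy connection.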