[Date Prev][Date Next] [Chronological] [Thread] [Top]

back-ldap connection caching

After running SLAMD against back-ldap I've noticed some problems in the approach - while a single load generator may send multiple requests over a single connection, back-ldap always creates new connections for each incoming Simple Bind, and leaves them available to be shared by other sessions.

Thinking about it, this usage doesn't really make a lot of sense. Any identity that's explicitly binding to back-ldap is necessarily going to be different from any other session's ID. The only sessions that it makes sense to share are those that were implicitly bound because they were authenticated elsewhere, and fell into this backend (via glue, typically) while processing some other request.

So I think this means we should separate out the explicitly bound connections from everything else. They should only live as long as their inbound slapd connection lives, and should only be used by ops from their inbound slapd connection.
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/