
RE: Do you keep opening and closing connections to LDAP?



I don't think what you're trying to do is wrong at all. I think your
firewall admin needs a little talking-to. Even if they want to enforce such
a timeout (sounds silly to me) the firewall ought to be sending a TCP FIN to
both sides to force the connection closed, not just dropping the packets.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Thomas Gagne
> Sent: Monday, December 03, 2001 8:40 PM
> To: openldap list
> Subject: Do you keep opening and closing connections to LDAP?
>
>
> Or do you open one connection and keep reusing?
>
> My application is a server handling requests from hundreds of clients.  Each
> has their own username/password.  When my application starts up it connects to
> the LDAP server and rebinds to check username/passwords (when sessions with
> the server are created) and also queries the LDAP server to see if the user is
> permitted to do the thing they're requesting.
>
> What I discovered is some firewalls have a timeout for LDAP requests (20
> seconds on the one I'm working with).  If more than 20 seconds elapse between
> transactions my next LDAP connection hangs 'cause the firewall is *dropping*
> the packets.  I've used netstat on both the server box and the LDAP box and
> it shows both computers think there's a connection but the firewall has dropped
> it.
>
> So I'm thinking maybe what I'm doing is either non-idiomatic or wrong.
>
> Comments?
>
> --
> .tom
>
>
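
An added example, not part of either message above and not OpenLDAP code: one way a client can keep a single long-lived connection across a firewall that silently drops idle sessions, by sending TCP keepalive probes inside the 20-second window and bounding every read so a dead session is replaced instead of hanging. It uses a plain TCP socket as a stand-in for the LDAP connection; `enable_keepalive`, `PersistentConnection` and the half-the-limit probe timing are assumptions made for illustration, and it assumes the firewall counts keepalive probes as traffic.

```python
import socket

FIREWALL_IDLE_TIMEOUT = 20  # seconds; the idle limit reported in the post


def enable_keepalive(sock, firewall_idle=FIREWALL_IDLE_TIMEOUT, probes=3):
    """Make the kernel probe an idle connection before the firewall expires it."""
    idle = max(1, firewall_idle // 2)   # first probe at half the firewall limit
    interval = max(1, idle // 2)        # gap between unanswered probes
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    # The per-socket tuning options are platform specific; set those that exist.
    for name, value in (("TCP_KEEPIDLE", idle), ("TCP_KEEPINTVL", interval),
                        ("TCP_KEEPCNT", probes)):
        if hasattr(socket, name):
            sock.setsockopt(socket.IPPROTO_TCP, getattr(socket, name), value)
    return idle, interval, probes


class PersistentConnection:
    """One long-lived connection that fails fast and reconnects when stale."""

    def __init__(self, host, port, io_timeout=5.0):
        self.addr = (host, port)
        self.io_timeout = io_timeout    # upper bound on any single send/recv
        self.sock = None
        self.reconnects = 0

    def _connect(self):
        self.sock = socket.create_connection(self.addr, timeout=self.io_timeout)
        enable_keepalive(self.sock)

    def request(self, payload, nbytes=4096):
        # Retry once on a fresh connection. Only safe for operations that can
        # be repeated, such as a bind or a search.
        for _ in range(2):
            try:
                if self.sock is None:
                    self._connect()
                self.sock.sendall(payload)
                reply = self.sock.recv(nbytes)
                if reply:
                    return reply
                raise ConnectionError("peer closed the connection")
            except OSError:             # timeout, reset, or closed by peer
                if self.sock is not None:
                    self.sock.close()
                self.sock = None
                self.reconnects += 1
        raise ConnectionError("no reply, even on a fresh connection")
```

The read timeout is what turns the hang described in the question into a prompt reconnect; the keepalive probes reduce how often that path is needed.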