
Re: Do you keep opening and closing connections to LDAP?


Howard Chu wrote:

I don't think what you're trying to do is wrong at all. I think your
firewall admin needs a little talking-to. Even if they want to enforce such
a timeout (sounds silly to me) the firewall ought to be sending a TCP FIN to
both sides to force the connection closed, not just dropping the packets.

sometimes it's not wanted... but many firewalls have session limits, and flush older connections periodically... It's happening where I work... you can't have an ssh longer than 30 secs :/
The biggest problem is you can't know if the opened socket is still valid or not. The only way seems to be sending some data and waiting for an answer, error or timeout... then, re-open the socket. I'm not a developer... but it's how it seems to be.
Check your net admin. Change your firewall or your admin. If you can't, find a new job where internet is taken seriously :)



 -- Howard Chu
 Chief Architect, Symas Corp.       Director, Highland Sun
 http://www.symas.com               http://highlandsun.com/hyc
 Symas: Premier OpenSource Development and Support

-----Original Message-----
From: owner-openldap-software@OpenLDAP.org
[mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Thomas Gagne
Sent: Monday, December 03, 2001 8:40 PM
To: openldap list
Subject: Do you keep opening and closing connections to LDAP?

Or do you open one connection and keep reusing?

My application is a server handling requests from hundreds of clients.  Each
has their own username/password.  When my application starts up it connects to
the LDAP server and rebinds to check username/passwords (when sessions with
the server are created) and also queries the LDAP server to see if the user is
permitted to do the thing they're requesting.

What I discovered is some firewalls have a timeout for LDAP requests (20
seconds on the one I'm working with).  If more than 20 seconds elapse between
transactions my next LDAP connection hangs 'cause the firewall is dropping
the packets.  I've used netstat on both the server box and the LDAP box and
it shows both computers think there's a connection but the firewall has dropped

So I'm thinking maybe what I'm doing is either non-idiomatic or wrong.
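As an added illustration of the strategy the reply suggests (send something, wait for an answer, error or timeout, then reopen the socket), and not code from anyone on this thread: a small Python wrapper that keeps one bound connection, probes it only after it has idled past the firewall's timeout, and reconnects when the probe fails. The LDAP library itself is abstracted behind caller-supplied connect/probe/close callables, and simulate() is a constructed stand-in for the 20-second firewall from the original message; it assumes the probe call carries its own client-side timeout, so a silently dropped session surfaces as ProbeError instead of a hang.

```python
import time

class ProbeError(Exception):
    pass  # the probe got an error reply or no reply before its own timeout

class LdapSession:
    """One long-lived LDAP connection, re-validated with a cheap request once it has
    idled past the firewall's session timeout. Caller supplies connect/probe/close."""

    def __init__(self, connect, probe, close, idle_timeout=20.0, clock=time.monotonic):
        self.connect, self.probe, self.close = connect, probe, close
        self.idle_timeout, self.clock = idle_timeout, clock
        self.conn, self.last_use, self.reconnects = None, 0.0, 0

    def _reconnect(self):
        if self.conn is not None:
            self.close(self.conn)
            self.reconnects += 1
        self.conn, self.last_use = self.connect(), self.clock()
        return self.conn

    def acquire(self):
        if self.conn is None:
            return self._reconnect()
        if self.clock() - self.last_use >= self.idle_timeout:
            # netstat on both hosts still says ESTABLISHED, so only a real round
            # trip (probe must raise ProbeError on error or timeout) can tell
            try:
                self.probe(self.conn)
            except ProbeError:
                return self._reconnect()
        self.last_use = self.clock()
        return self.conn

def simulate(gaps, firewall_timeout=20.0, idle_timeout=20.0):
    """Constructed stand-in for the thread's setup: a firewall that silently drops
    any session idle longer than firewall_timeout. Returns (reconnects, probes)."""
    now, probes = [0.0], [0]
    connect = lambda: {"last_packet": now[0]}  # fake conn: when the firewall last saw it
    def probe(conn):
        probes[0] += 1
        if now[0] - conn["last_packet"] > firewall_timeout:
            raise ProbeError("no answer: the firewall dropped the session")
        conn["last_packet"] = now[0]
    session = LdapSession(connect, probe, lambda c: None, idle_timeout, lambda: now[0])
    for gap in gaps:  # each gap is the pause before the next real request
        now[0] += gap
        session.acquire()["last_packet"] = now[0]  # the real request goes through
    return session.reconnects, probes[0]
```

Against a real server the probe would be something like a root DSE search issued with a client-side timeout, and idle_timeout should sit at or just below the firewall's figure so the probe fires only when the session may actually have been forgotten.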