Re: Do you keep opening and closing connections to LDAP?
Howard Chu wrote:
sometimes it's not wanted... but many firewalls have session limits, and
flush older connections periodically... It's happening where I work... you
can't have an ssh longer than 30 secs :/
I don't think what you're trying to do is wrong at all. I think your
firewall admin needs a little talking-to. Even if they want to enforce such
a timeout (sounds silly to me) the firewall ought to be sending a TCP FIN to
both sides to force the connection closed, not just dropping the packets.
The biggest problem is you can't know if the opened socket is still
valid or not. The only way seems to be sending some data and waiting for
an answer, error or timeout... then, re-open the socket. I'm not a
developer... but it's how it seems to be.
Check your net admin. Change your firewall or your admin. If you can't,
find a new job where internet is taken seriously :)
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
Symas: Premier OpenSource Development and Support
[mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Thomas Gagne
Sent: Monday, December 03, 2001 8:40 PM
To: openldap list
Subject: Do you keep opening and closing connections to LDAP?
Or do you open one connection and keep reusing?
My application is a server handling requests from hundreds of
has their own username/password. When my application starts up
it connects to
the LDAP server and rebinds to check username/passwords (when
the server are created) and also queries the LDAP server to see
if the user is
permitted to do the thing they're requesting.
What I discovered is some firewalls have a timeout for LDAP requests (20
seconds on the one I'm working with). If more than 20 seconds
transactions my next LDAP connection hangs 'cause the firewall is
the packets. I've used netstat and both the server box and the
LDAP box and
it shows both computers think there's a connection but the
firewall has dropped
So I'm thinking maybe what I'm doing is either non-idiomatic or wrong.
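
The approach discussed in this thread (reuse one connection, but treat it as suspect once it has been idle longer than the firewall allows, and reopen on error or timeout) can be sketched as follows. This is an added example, not code from any poster or from OpenLDAP; the names IdleAwareConnection and tcp_connect are hypothetical. It assumes failures surface as OSError; with an LDAP client library, catch that library's own connection error instead.

```python
import socket
import time


class IdleAwareConnection:
    """Reuse one connection, but reopen it after max_idle seconds unused."""

    def __init__(self, connect, max_idle, clock=time.monotonic):
        self._connect = connect    # callable returning a connected object
        self._max_idle = max_idle  # set below the firewall's idle timeout
        self._clock = clock
        self._conn = None
        self._last_used = 0.0
        self.reconnects = 0

    def get(self):
        now = self._clock()
        if self._conn is not None and now - self._last_used >= self._max_idle:
            self._close()  # firewall state may be gone; do not trust the socket
        if self._conn is None:
            self._conn = self._connect()
            self.reconnects += 1
        self._last_used = now
        return self._conn

    def call(self, op):
        """Run op(conn); on socket error or timeout, reopen once and retry.
        Only use for operations that are safe to repeat (bind, search)."""
        try:
            return op(self.get())
        except OSError:  # includes socket timeouts
            self._close()
            return op(self.get())

    def _close(self):
        if self._conn is not None:
            try:
                self._conn.close()
            except OSError:
                pass
            self._conn = None


def tcp_connect(host, port, timeout=5.0, keepidle=10):
    """TCP socket with an I/O timeout and keepalive probes enabled."""
    s = socket.create_connection((host, port), timeout=timeout)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    if hasattr(socket, "TCP_KEEPIDLE"):  # Linux: idle seconds before first probe
        s.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPIDLE, keepidle)
    return s
```

The I/O timeout matters as much as the idle check: when packets are dropped without a FIN or RST, a blocking call with no timeout hangs instead of failing.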