Re: time limit on non-idle connections?
On Tue, 8 Mar 2005, Quanah Gibson-Mount wrote:
>--On Tuesday, March 08, 2005 4:14 PM -0600 Eric Irrgang
>> I'd like to shut down my individual load-balanced ldap servers gently so
>> that well-behaved users don't see errors by getting kicked off, but it
>> seems that there are some evil clients creating persistent connections by
>> reissuing a SRCH base="" scope=0 deref=0 filter="(objectClass=*)" just
>> under the idletimeout. The only other time limit I see that I can
>> configure is timelimit which, according to the man page, specifies the
>> "maximum number of seconds (in real time) slapd will spend answering a
>> search request"
>> Is there a way with OpenLDAP 2.2.23 to enable gentlehup and still be able
>> to guarantee that the server will eventually close all connections and
>> shut down one way or the other?
>All clients I've seen exhibiting this behavior will just reconnect to the
>load-balance name without ill effect, if you have them set up to speak to a
>load balance name and not a specific server.
So are you suggesting not using gentlehup at all? I figured that the
bothersome clients would reconnect without error. I'm concerned that
whatever action I take to disconnect them will also cause errors on the
shorter-lived simpler connections, like Perl or shell backends to web
sites or whatever.
Logically, if you wait (timelimit + idletimeout) after issuing a HUP and
then issue an INT if the server is still running, you shouldn't kick off
any non-persistent connections, right? Unless there's some nifty
slapd.conf parameter I'm missing, my approach is going to be something like:
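
    i=0                               # seconds elapsed since the HUP
    kill -HUP $PID                    # with gentlehup: stop accepting, let clients finish
    while ps -fp $PID >/dev/null; do
        if [ $i -eq $TIMELIMIT ] ; then
            kill -INT $PID            # grace period over: force the shutdown
        fi
        sleep 1                       # one pass per second so $i counts seconds
        i=`expr $i + 1`
    done
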
-- Eric Irrgang - UT Austin ITS Unix
Systems - (512)475-9342
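
Before scheduling such a shutdown, the slapd log can show which connections are being held open only by the repeated root DSE search described above. This is an added example, not part of the original post: the log lines are constructed, and the function name, the `year` parameter (syslog timestamps omit the year) and the 60-second idletimeout are assumptions.

```python
import re
from datetime import datetime

# Constructed sample of slapd syslog output; not taken from the post.
SAMPLE_LOG = """\
Mar  8 16:00:00 ldap1 slapd[1234]: conn=101 fd=12 ACCEPT from IP=192.0.2.10:40000 (IP=0.0.0.0:389)
Mar  8 16:00:00 ldap1 slapd[1234]: conn=101 op=0 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
Mar  8 16:00:05 ldap1 slapd[1234]: conn=102 fd=13 ACCEPT from IP=192.0.2.20:40100 (IP=0.0.0.0:389)
Mar  8 16:00:05 ldap1 slapd[1234]: conn=102 op=0 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(uid=jdoe)"
Mar  8 16:00:06 ldap1 slapd[1234]: conn=102 fd=13 closed
Mar  8 16:00:30 ldap1 slapd[1234]: conn=103 fd=14 ACCEPT from IP=192.0.2.30:40200 (IP=0.0.0.0:389)
Mar  8 16:00:30 ldap1 slapd[1234]: conn=103 op=0 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
Mar  8 16:00:55 ldap1 slapd[1234]: conn=101 op=1 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
Mar  8 16:01:50 ldap1 slapd[1234]: conn=101 op=2 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ slapd\[\d+\]: conn=(\d+) (.*)$")
PROBE = 'SRCH base="" scope=0 deref=0 filter="(objectClass=*)"'


def find_keepalive_conns(log_text, idletimeout, year=2005):
    """Return {conn: client} for connections kept alive only by root DSE probes."""
    clients, probes, busy = {}, {}, set()
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        stamp, conn, rest = m.group(1), int(m.group(2)), m.group(3)
        if " ACCEPT from " in rest:
            clients[conn] = rest.split(" ACCEPT from ")[1].split()[0]
        elif rest.endswith(PROBE):
            ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
            probes.setdefault(conn, []).append(ts)
        elif re.match(r"op=\d+ SRCH ", rest):
            busy.add(conn)  # a real search: not a pure keepalive connection
    flagged = {}
    for conn, times in probes.items():
        if conn in busy or len(times) < 2:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        span = (times[-1] - times[0]).total_seconds()
        # Every probe arrived before the idle timer fired, and the
        # connection has already outlived idletimeout because of them.
        if max(gaps) < idletimeout <= span:
            flagged[conn] = clients.get(conn, "unknown")
    return flagged


if __name__ == "__main__":
    print(find_keepalive_conns(SAMPLE_LOG, idletimeout=60))
```

Connections reported here are the ones that will still be open when the grace period in the loop above expires.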