
Re: time limit on non-idle connections?

On Tue, 8 Mar 2005, Quanah Gibson-Mount wrote:

>--On Tuesday, March 08, 2005 4:14 PM -0600 Eric Irrgang
><erici@motown.cc.utexas.edu> wrote:
>> I'd like to shut down my individual load-balanced ldap servers gently so
>> that well-behaved users don't see errors by getting kicked off, but it
>> seems that there are some evil clients creating persistent connections by
>> reissuing a SRCH base="" scope=0 deref=0 filter="(objectClass=*)" just
>> under the idletimeout.  The only other time limit I see that I can
>> configure is timelimit which, according to the man page, specifies the
>> "maximum number of seconds (in real time) slapd will spend answering a
>> search request"
>> Is there a way with OpenLDAP 2.2.23 to enable gentlehup and still be able
>> to guarantee that the server will eventually close all connections and
>> shut down one way or the other?
>All clients I've seen exhibiting this behavior will just reconnect to the
>load-balance name without ill effect, if you have them set up to speak to a
>load balance name and not a specific server.

So are you suggesting not using gentlehup at all?  I figured that the
bothersome clients would reconnect without error.  I'm concerned that
whatever action I take to disconnect them will also cause errors on the
shorter-lived simpler connections, like Perl or shell backends to web
sites or whatever.

Logically, if you wait (timelimit + idletimeout) after issuing a HUP and
then issue an INT if the server is still running, you shouldn't kick off
any non-persistent connections, right?  Unless there's some nifty
slapd.conf parameter I'm missing, my approach is going to be something like

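# TIMELIMIT: seconds to wait after the HUP before sending INT
i=0
kill -HUP $PID
while ps -fp $PID >/dev/null; do
	if [ $i -eq $TIMELIMIT ] ; then
		# still running after the grace period: force the shutdown
		kill -INT $PID
	fi
	i=`expr $i + 1`
	sleep 1
done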

-- Eric Irrgang - UT Austin ITS Unix
Systems - (512)475-9342
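
Added example, not part of the original message: a way to identify in advance which connections would hold a gentle shutdown open, by finding connections whose only searches are the root-DSE probe quoted above, repeated at intervals just under idletimeout. It assumes slapd stats-level logging in syslog format; the log lines are constructed, and the function name, the year, and the min_probes and ratio thresholds are hypothetical choices.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed slapd stats-level syslog lines (sample data, not from the post).
SAMPLE_LOG = """\
Mar  8 16:00:00 ldap1 slapd[411]: conn=1001 fd=12 ACCEPT from IP=192.0.2.10:40000 (IP=0.0.0.0:389)
Mar  8 16:00:01 ldap1 slapd[411]: conn=1001 op=0 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
Mar  8 16:00:56 ldap1 slapd[411]: conn=1001 op=1 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
Mar  8 16:01:51 ldap1 slapd[411]: conn=1001 op=2 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
Mar  8 16:02:46 ldap1 slapd[411]: conn=1001 op=3 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
Mar  8 16:00:05 ldap1 slapd[411]: conn=1002 fd=13 ACCEPT from IP=192.0.2.20:40001 (IP=0.0.0.0:389)
Mar  8 16:00:05 ldap1 slapd[411]: conn=1002 op=0 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(uid=jdoe)"
Mar  8 16:00:06 ldap1 slapd[411]: conn=1002 op=1 UNBIND
"""

LINE = re.compile(r'^(\w{3}\s+\d+ [\d:]{8}) \S+ slapd\[\d+\]: conn=(\d+) (.*)$')
ROOT_DSE = re.compile(r'^op=\d+ SRCH base="" scope=0 ')
ACCEPT = re.compile(r'ACCEPT from IP=([\d.]+):')

def find_keepalive_conns(log, idletimeout, year=2005, min_probes=3, ratio=0.5):
    """Return {conn_id: client_ip} for connections whose only searches are
    root-DSE probes spaced between ratio*idletimeout and idletimeout apart."""
    peer, probes, other = {}, defaultdict(list), set()
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        # syslog timestamps carry no year, so one is assumed for parsing
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        conn, rest = int(m.group(2)), m.group(3)
        if (a := ACCEPT.search(rest)):
            peer[conn] = a.group(1)
        elif ROOT_DSE.match(rest):
            probes[conn].append(ts)
        elif " SRCH " in rest:
            other.add(conn)  # did a real search, not a pure keepalive
    flagged = {}
    for conn, times in probes.items():
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if (conn not in other and len(times) >= min_probes
                and all(ratio * idletimeout <= g < idletimeout for g in gaps)):
            flagged[conn] = peer.get(conn, "unknown")
    return flagged
```

With the sample data and idletimeout set to 60, only conn=1001 is reported; the short-lived conn=1002 is not.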