[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#4387) slapd-ldap backend leaks descriptors on closed connections on x86_64

> I've investigated this issue a little bit more.  An unusual growth in
> the number of cached connections seems to occur when the client uses the
> same connection to repeatedly bind with different identities.

That's right, the Courier authdaemon uses a single connectioncheck the
password validity of users - it does this by performing bind
operations on this connection.

>Let me
> point out that in my opinion reusing a bound connection to rebind with a
>different identity sounds like a poor client design.

In my opinion it's a very good design in the given case - the role ot
Courier's authdaemon (among other roles, e.g. account lookup) is to
check validity of user credentials.

It does multiple credential checks on a single LDAP connection to
conserve resources - to test a password, it doesn't need to open a new
LDAP connection every time and then close it .

This is a good design from the performance perspective, and I'd
speculate that LDAP protocol permits multiple bind operations per
connection because its designers have foreseen this usage scenario
(LDAP was designed as a network authentication protocol, among other

Best Regards,
    Aleksander Adamowski
        Jabber JID: olo@jabber.altkom.pl
        GG#: 274614
        ICQ UIN: 19780575