Re: (ITS#4387) slapd-ldap backend leaks descriptors on closed connections on x86_64

[ando@sys-net.it]

On Sun, 2006-02-05 at 18:57 +0000, hyc@symas.com wrote:
> Associations are already changed upon completion of a Bind. But 
> obviously you cannot be sharing a single connection across multiple 
> clients when a Bind occurs, because any outstanding operations will be 
> (and must be) invalidated.

I think a reasonable design would be to allow caching all of those
connections and, on connection destroy, destroy all cached connections
with that connid, i.e. don't limit connection destroy to the pair
connid/authzdn.  This way, if for the same connection the same DN is
used more than once, the cached connection can be exploited.  Mechanisms
like "idle-timeout" and "conn-ttl" (not released yet) can be used to
limit the amount of idle connections out there.  Unfortunately, they
both act when a to be renewed connection is requested, not when it
expires; the latter could be implemented by adding a periodic task that
cycles over the connection tree and takes care of expired connections in
cache.  I'd defer the latter, and provide the former ASAP.  I think a
reasonable approach would be to have ldap_back_conn_cmp() compare on
lc_conn first, then on lc_local_dn (i.e. reverse the current behavior).
ldap_back_conn_destroy() would use a different implementation that just
compares lc_conn, and avl_delete() should be called with it repeatedly,
until no hit occurs.  Reverting the testing sequence above would allow
ordered lookups to be correct in both cases, since cache entry storing
would use the connid/DN check.

p.




Ing. Pierangelo Masarati
Responsabile Open Solution
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office:   +39.02.23998309          
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it
------------------------------------------