[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#8142) back-ldap transparent reconnecting is not so transparent

To: openldap-its@OpenLDAP.org
Subject: (ITS#8142) back-ldap transparent reconnecting is not so transparent
From: ebackes@symas.com
Date: Tue, 12 May 2015 23:44:01 +0000
Auto-submitted: auto-generated (OpenLDAP-ITS)

Full_Name: Emily Backes
Version: 2.4
OS: 
URL: 
Submission from: (NULL) (50.113.67.84)


Currently, back-ldap stores credentials in the outbound connection
structure.  When that disappears, e.g. from idle-timeout, conn-ttl,
network lossage, AD trouble, etc., the connection becomes unbound and
AD returns err=1 (Operations error), which isn't enougfofor back-ldap
to treat it as LDAP_UNAVAILABLE.

Howard reports this is working-as-designed, even if the design is bad.
Several ITS filings are still open about this problem; 5110, 6571, and
7464 are all related.

At a minimum, we should drop the client connection if we can't keep
the session stable.  If we keep it open, we need to ensure we can
precisely duplicate the client session-state, including credentials.
(this would be very useful).

Prev by Date: Re: (ITS#8140) ssf is hard coded to log as zero, even if it is non-zero
Next by Date: (ITS#8143) SegV in ~LDAPCtrl()
Index(es):
- Chronological
- Thread