[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: connection pooling in back-ldap?



Just a note - this is actually a fairly intensive project, because it
requires additional multi-threading support in libldap_r that hasn't been
implemented yet. Specifically, pooling multiple incoming operations onto a
single LDAP session requires libldap_r to allow a single LDAP session to be
used by any number of threads concurrently. At present, this capability
doesn't exist. You might get around this using mutexes in back-ldap to
protect each access to an LDAP session, but I haven't looked into it.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

> -----Original Message-----
> From: Howard Chu [mailto:hyc@highlandsun.com]

> This has been on my todo list for a while, but I don't know
> when I'll get a chance to write it myself. You're welcome to
> take a run at it. By the way, look into using Unix domain
> sockets for the local connections - ldapi:// ...
>
>   -- Howard Chu
>   Chief Architect, Symas Corp.       Director, Highland Sun
>   http://www.symas.com               http://highlandsun.com/hyc
>   Symas: Premier OpenSource Development and Support
>
> > -----Original Message-----
> > From: owner-openldap-devel@OpenLDAP.org
> > [mailto:owner-openldap-devel@OpenLDAP.org]On Behalf Of
> Kartik Subbarao
>
> > I'd like to be able to collapse several incoming LDAP
> > connections into a
> > single proxy connection (or a small pool of proxy connections) with
> > back-ldap. I noticed that this doesn't seem to be possible with the
> > current back-ldap implementation, but was wondering if it's
> possibly
> > being considered as an enhancement?
> >
> > Here's the scenario, to better explain what I'm looking to do. I'm
> > working with postfix, which is pretty greedy with opening up LDAP
> > connections. Each instance of a postfix SMTP process can
> have several
> > connections open to the specified LDAP server. In reality,
> > all of these
> > connections perform extremely trivial searches (filter is
> > something like
> > mail=foo@host.com, retrieving a mailRoutingAddress type
> > attribute). I'd
> > like to shield my real LDAP servers from receiving all of
> the direct
> > connections from the individual postfix processes. So, I was
> > looking to
> > point postfix to, say, localhost:3890, which would be an
> > openldap proxy
> > running back-ldap. And then the back-ldap would proxy to
> > ldap.corp.com
> > on the back end.
> >
> > Here's a rough sketch:
> >
> > postfix conn=1, op=1 : filter=(mail=abc@host.com)
> > postfix conn=2, op=1 : filter=(mail=def@host.com)
> > postfix conn=3, op=1 : filter=(mail=ghi@host.com)
> >
> > These connections are made to the back-ldap proxy by postfix. The
> > back-ldap proxy should turn this into the following (in the
> case of a
> > single pooled connection):
> >
> > proxy conn=1, op=1 : filter=(mail=abc@host.com)
> > proxy conn=1, op=2 : filter=(mail=def@host.com)
> > proxy conn=1, op=3 : filter=(mail=ghi@host.com)
> >
> > Is something like this possible? Any interest in adding it to the
> > back-ldap functionality? I know I could probably hack my own with
> > back-perl or somesuch, but it'd be nice to have this feature :-)
> >
> > Thanks,
> >
> > 	-Kartik
> >
> >
> >
>