[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#4387) slapd-ldap backend leaks descriptors on closed connections on x86_64



On Sun, 2006-02-05 at 18:00 +0000, aleksander.adamowski@gmail.com wrote:
> >Let me
> > point out that in my opinion reusing a bound connection to rebind with a
> >different identity sounds like a poor client design.
> 
> In my opinion it's a very good design in the given case - the role ot
> Courier's authdaemon (among other roles, e.g. account lookup) is to
> check validity of user credentials.
> 
> It does multiple credential checks on a single LDAP connection to
> conserve resources - to test a password, it doesn't need to open a new
> LDAP connection every time and then close it .
> 
> This is a good design from the performance perspective, and I'd
> speculate that LDAP protocol permits multiple bind operations per
> connection because its designers have foreseen this usage scenario
> (LDAP was designed as a network authentication protocol, among other
> uses).

I mean: if all it performs is binds then I'd agree; but if it performs
anything else in between, then it's a poor design, because the identity
that's used for the other operations would change after each
(successful) bind.

p.




Ing. Pierangelo Masarati
Responsabile Open Solution
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office:   +39.02.23998309          
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it
------------------------------------------