[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#4387) slapd-ldap backend leaks descriptors on closed connections on x86_64



On 2/5/06, Howard Chu <hyc@symas.com> wrote:
> aleksander.adamowski@gmail.com wrote:
> > This is a good design from the performance perspective, and I'd
> > speculate that LDAP protocol permits multiple bind operations per
> > connection because its designers have foreseen this usage scenario
> > (LDAP was designed as a network authentication protocol, among other
> > uses).
>
> Actually not, but it has been used as such simply because it accomodates
> such a rich set of authentication mechanisms.
>
> There's a simple tradeoff here - if you use a single connection for all
> Binds, you must fully serialize the procedure, because the receipt of
> any Bind request automatically aborts any other outstanding requests on
> the connection. If you use multiple connections, you can have multiple
> authentication attempts in progress at once.

This doesn't rule out using each of those multiple connections for
multiple binds, which will give the most throughput and ocncurrency
possible.

And this is exactly what the Courier authdaemon does - it opens
multiple LDAP connections (28 in my case), and binds several times on
each of them.
This enables hich concurrency with minimum overhead stemming from
opening/closing LDAP connections.

--
    Aleksander Adamowski
        Jabber JID: olo@jabber.altkom.pl
        GG#: 274614
        ICQ UIN: 19780575
        http://olo.ab.altkom.pl