RE: Do you keep opening and closing connections to LDAP?
I don't think what you're trying to do is wrong at all. I think your
firewall admin needs a little talking-to. Even if they want to enforce such
a timeout (sounds silly to me) the firewall ought to be sending a TCP FIN to
both sides to force the connection closed, not just dropping the packets.
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support
> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Thomas Gagne
> Sent: Monday, December 03, 2001 8:40 PM
> To: openldap list
> Subject: Do you keep opening and closing connections to LDAP?
>
>
> Or do you open one connection and keep reusing?
>
> My application is a server handling requests from hundreds of clients.
> Each has their own username/password. When my application starts up it
> connects to the LDAP server and rebinds to check username/passwords
> (when sessions with the server are created) and also queries the LDAP
> server to see if the user is permitted to do the thing they're
> requesting.
>
> What I discovered is some firewalls have a timeout for LDAP requests (20
> seconds on the one I'm working with). If more than 20 seconds elapse
> between transactions my next LDAP connection hangs 'cause the firewall
> is *dropping* the packets. I've used netstat on both the server box and
> the LDAP box and it shows both computers think there's a connection but
> the firewall has dropped it.
>
> So I'm thinking maybe what I'm doing is either non-idiomatic or wrong.
>
> Comments?
>
> --
> .tom
>
>