RE: Do you keep opening and closing connections to LDAP?
Hi,
The only sure way I find is to use a non-blocking read.
Yves
========== cut here ==========
#include <assert.h>
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>

/* flag, TRUE/FALSE, set_fl(), clr_fl() and err_ret() are defined elsewhere
   and are not shown in this message. */

static flag IsSocketAvailable(const int fd)
{
    ssize_t nbytes;
    char c;

    assert(fd>=0);
    if (fd < 0){
        return FALSE;
    }
    /* Switch to non-blocking mode so that read() returns immediately */
    set_fl(fd,O_NONBLOCK);
    nbytes = read(fd,&c,(size_t)1);
    if (nbytes==0){
        /* EOF */
        clr_fl(fd,O_NONBLOCK);
        return FALSE;
    }
    if (nbytes>0){
        /* Data is present: this is abnormal! */
        clr_fl(fd,O_NONBLOCK);
        return FALSE;
    }
    if (errno==EAGAIN
#if defined(EWOULDBLOCK) && EWOULDBLOCK!=EAGAIN
        || errno==EWOULDBLOCK
#endif /* defined(EWOULDBLOCK) && EWOULDBLOCK!=EAGAIN */
        ){
        /* No data was immediately available */
        clr_fl(fd,O_NONBLOCK);
        return TRUE;
    }
    if (errno==EPIPE
        /* EPIPE is only returned by write() */
#ifdef ECONNRESET
        || errno==ECONNRESET /* Connection reset by peer */
#endif /* ECONNRESET */
#ifdef ECONNABORTED
        || errno==ECONNABORTED /* Software caused connection abort */
#endif /* ECONNABORTED */
#ifdef ECONNREFUSED
        || errno==ECONNREFUSED /* Connection refused */
#endif /* ECONNREFUSED */
#ifdef ETIMEDOUT
        || errno==ETIMEDOUT /* Connection timed out */
#endif /* ETIMEDOUT */
        || errno == EHOSTUNREACH /* No route to host */
        ){
        clr_fl(fd,O_NONBLOCK);
        return FALSE;
    }
    if (errno==EINTR || errno==EIO || errno==EINVAL || errno==EBADF ||
        errno==EFAULT || errno==EISDIR){
        err_ret("SYSTEM ERROR:IsSocketAvailable:read failed on socket %d",fd);
        clr_fl(fd,O_NONBLOCK);
        return FALSE;
    }
    /* Any other errno: report it and treat the socket as unusable */
    err_ret("IsSocketAvailable:read failed on socket %d",fd);
    clr_fl(fd,O_NONBLOCK);
    return FALSE;
}
========== cut here ==========
> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org] On Behalf Of Prune
> Sent: Tuesday, December 4, 2001 09:39
> To: Howard Chu
> Cc: tgagne@efinnet.com; openldap list
> Subject: Re: Do you keep opening and closing connections to LDAP?
>
>
> Hi,
>
> Howard Chu wrote:
>
> >I don't think what you're trying to do is wrong at all. I think your
> >firewall admin needs a little talking-to. Even if they want to enforce such
> >a timeout (sounds silly to me) the firewall ought to be sending a TCP FIN to
> >both sides to force the connection closed, not just dropping the packets.
> >
> sometimes it's not wanted... but many firewalls have session limits, and
> flush older connections periodically... It's happening where I work... you
> can't have an ssh longer than 30 secs :/
> The biggest problem is you can't know if the opened socket is still
> valid or not. The only way seems to be sending some data and waiting for
> an answer, error or timeout... then, re-open the socket. I'm not a
> developer... but it's how it seems to be.
> Check your net admin. Change your firewall or your admin. If you can't,
> find a new job where internet is taken seriously :)
>
> Cheers,
>
> Prune
>
> >
> >
> > -- Howard Chu
> > Chief Architect, Symas Corp. Director, Highland Sun
> > http://www.symas.com http://highlandsun.com/hyc
> > Symas: Premier OpenSource Development and Support
> >
> >>-----Original Message-----
> >>From: owner-openldap-software@OpenLDAP.org
> >>[mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Thomas Gagne
> >>Sent: Monday, December 03, 2001 8:40 PM
> >>To: openldap list
> >>Subject: Do you keep opening and closing connections to LDAP?
> >>
> >>
> >>Or do you open one connection and keep reusing?
> >>
> >>My application is a server handling requests from hundreds of clients. Each
> >>has their own username/password. When my application starts up it connects to
> >>the LDAP server and rebinds to check username/passwords (when sessions with
> >>the server are created) and also queries the LDAP server to see if the user is
> >>permitted to do the thing they're requesting.
> >>
> >>What I discovered is some firewalls have a timeout for LDAP requests (20
> >>seconds on the one I'm working with). If more than 20 seconds elapse between
> >>transactions my next LDAP connection hangs 'cause the firewall is *dropping*
> >>the packets. I've used netstat on both the server box and the LDAP box and
> >>it shows both computers think there's a connection but the firewall has dropped
> >>it.
> >>
> >>So I'm thinking maybe what I'm doing is either non-idiomatic or wrong.
> >>
> >>Comments?
> >>
> >>--
> >>.tom
> >>
> >>
> >
>
>
>
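An added example, not part of the original messages: a variant of the non-blocking check that peeks with `recv(MSG_PEEK | MSG_DONTWAIT)`, so a pending byte is not consumed and the descriptor's flags are left alone, together with a keepalive helper for the case in the original question where the firewall drops packets without sending FIN or RST and a local read alone reports nothing. The names `conn_probe` and `conn_enable_keepalive` are hypothetical; `MSG_DONTWAIT` and `TCP_KEEPIDLE` are assumed to be available, as they are on Linux.

```c
/* Added example, not code from the thread; function names are hypothetical. */
#include <errno.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <sys/socket.h>
#include <unistd.h>   /* ssize_t */

enum conn_state {
    CONN_IDLE,      /* nothing to read, no FIN/RST seen by the local kernel */
    CONN_HAS_DATA,  /* unread bytes are queued (left in place by MSG_PEEK) */
    CONN_CLOSED,    /* peer sent FIN: orderly shutdown */
    CONN_ERROR      /* reset, timeout or other failure; errno has the cause */
};

/* Peek at one byte without blocking, without consuming it and without
 * toggling O_NONBLOCK on the descriptor. */
enum conn_state conn_probe(int fd)
{
    char c;
    ssize_t n;
    do {
        n = recv(fd, &c, 1, MSG_PEEK | MSG_DONTWAIT);
    } while (n < 0 && errno == EINTR);

    if (n > 0)
        return CONN_HAS_DATA;
    if (n == 0)
        return CONN_CLOSED;
    if (errno == EAGAIN || errno == EWOULDBLOCK)
        return CONN_IDLE;
    return CONN_ERROR;
}

/* Have the kernel send keepalive probes after idle_secs of silence, so a
 * path that silently drops packets eventually shows up as CONN_ERROR.
 * Returns 0 on success, -1 on failure (errno set). */
int conn_enable_keepalive(int fd, int idle_secs)
{
    int on = 1;
    if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof on) < 0)
        return -1;
#ifdef TCP_KEEPIDLE   /* Linux; elsewhere the system default idle time applies */
    if (setsockopt(fd, IPPROTO_TCP, TCP_KEEPIDLE, &idle_secs, sizeof idle_secs) < 0)
        return -1;
#else
    (void)idle_secs;
#endif
    return 0;
}
```

`CONN_IDLE` only says the local kernel has seen no FIN, RST or error; setting the keepalive idle time below the firewall's timeout keeps traffic flowing on the connection between requests.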