
Re: time limit on non-idle connections?





--On Tuesday, March 08, 2005 4:14 PM -0600 Eric Irrgang <erici@motown.cc.utexas.edu> wrote:

> I'd like to shut down my individual load-balanced ldap servers gently so
> that well-behaved users don't see errors by getting kicked off, but it
> seems that there are some evil clients creating persistent connections by
> reissuing a SRCH base="" scope=0 deref=0 filter="(objectClass=*)" just
> under the idletimeout.  The only other time limit I see that I can
> configure is timelimit which, according to the man page, specifies the
> "maximum number of seconds (in real time) slapd will spend answering a
> search request"
>
> Is there a way with OpenLDAP 2.2.23 to enable gentlehup and still be able
> to guarantee that the server will eventually close all connections and
> shut down one way or the other?

All clients I've seen exhibiting this behavior will just reconnect to the load-balance name without ill effect, if you have them set up to speak to a load balance name and not a specific server.


--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
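
An added example, not part of the original thread: one way to find, from the slapd log, the connections that are kept open only by root DSE searches issued just under the idletimeout, so they can be identified before draining a server. The syslog framing, the `conn=N op=M` prefix, the idletimeout of 300 seconds, the thresholds and the function name are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

IDLETIMEOUT = 300  # assumed idletimeout from slapd.conf, in seconds
MARGIN = 0.8       # assumed: a gap above 80% of idletimeout counts as "just under"
MIN_PINGS = 3      # assumed: root DSE searches needed before a connection is flagged
YEAR = 2005        # syslog timestamps carry no year; assumed for the sample

ROOT_DSE = 'SRCH base="" scope=0 deref=0 filter="(objectClass=*)"'
OP_LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ slapd\[\d+\]: conn=(\d+) op=\d+ (.+)$")
REPLY = re.compile(r"^(SEARCH RESULT|RESULT|SRCH attr=)")  # server-side lines, not requests

# Constructed sample: conn=1001 only pings the root DSE, conn=1002 does real work.
SAMPLE_LOG = '''\
Mar  8 16:00:00 ldap1 slapd[411]: conn=1001 fd=12 ACCEPT from IP=192.0.2.10:40000 (IP=0.0.0.0:389)
Mar  8 16:00:00 ldap1 slapd[411]: conn=1001 op=0 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
Mar  8 16:00:00 ldap1 slapd[411]: conn=1001 op=0 SEARCH RESULT tag=101 err=0 nentries=1 text=
Mar  8 16:01:00 ldap1 slapd[411]: conn=1002 op=0 BIND dn="" method=128
Mar  8 16:01:01 ldap1 slapd[411]: conn=1002 op=1 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(uid=jdoe)"
Mar  8 16:04:50 ldap1 slapd[411]: conn=1001 op=1 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
Mar  8 16:05:51 ldap1 slapd[411]: conn=1002 op=2 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
Mar  8 16:09:40 ldap1 slapd[411]: conn=1001 op=2 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
Mar  8 16:14:30 ldap1 slapd[411]: conn=1001 op=3 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
'''

def keepalive_connections(log, idletimeout=IDLETIMEOUT):
    """Return {conn id: [gap seconds]} for connections held open only by root DSE searches."""
    requests = defaultdict(list)  # conn id -> [(timestamp, request text)]
    for line in log.splitlines():
        m = OP_LINE.match(line)
        if m and not REPLY.match(m.group(3)):
            when = datetime.strptime(f"{YEAR} {m.group(1)}", "%Y %b %d %H:%M:%S")
            requests[int(m.group(2))].append((when, m.group(3)))
    flagged = {}
    for conn, reqs in requests.items():
        pings = [t for t, text in reqs if text == ROOT_DSE]
        # Anything besides a BIND or a root DSE search means the client does real work.
        others = [text for _, text in reqs if text != ROOT_DSE and not text.startswith("BIND ")]
        gaps = [(b - a).total_seconds() for a, b in zip(pings, pings[1:])]
        if (len(pings) >= MIN_PINGS and not others
                and all(MARGIN * idletimeout < g < idletimeout for g in gaps)):
            flagged[conn] = gaps
    return flagged

if __name__ == "__main__":
    print(keepalive_connections(SAMPLE_LOG))
```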