On Fri, 2011-10-07 at 09:47 +0200, Ondrej Valousek wrote:
On 10/06/2011 06:34 PM, Stephen Gallagher wrote:
> Well, the real issue here is that the openldap client libraries that
> we're using are returning a generic error instead of reporting that the
> connection was terminated.
So shall I open an RFE against openldap then?
I'll take care of that sometime soon.
> We don't really want to implement an internal timeout (we actually
> retain the connection on purpose, so we don't have to go through the
> slow ldap bind on every request). What we want is to be able to notice
> that we received an idle disconnect from the server and reconnect
> (rather than doing what we do now, which is treat it as if the server
> has become unavailable and fail over to the next one).
I do not think this is the best approach - imagine 100+ client
machines bound simultaneously to the single LDAP server. It can easily
run out of resources.
I am also not saying we should close the connection after each
request. We should probably close it actively if it has been idle for
some time.
I know that for example automounter does not keep the connection open
for this purpose.
Yeah, I'm convinced that we need to allow a configurable idle timeout
for the SSSD LDAP connections. Please log an enhancement ticket upstream
at
https://fedorahosted.org/sssd if you have a Fedora account. If not,
feel free to file a bug on whichever distro is appropriate, and post it
here.
It would be interesting to see what the general recommendation
regarding this problem is.
Anyone from the Samba team listening? How is it done in winbind, for
example?
Thanks,
Ondrej
_______________________________________________
sssd-devel mailing list
sssd-devel(a)lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/sssd-devel
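
The three behaviours discussed in this thread (fail over on an idle disconnect, reconnect to the same server, and a client-side idle timeout) can be compared in a small simulation. This is an added example, not SSSD or OpenLDAP code and not from any poster; the server names, the 300-second server limit, the 120-second client timeout and all class and function names are constructed for illustration.

```python
IDLE_LIMIT = 300   # constructed: server drops connections idle longer than this (s)

class Conn:
    def __init__(self, server, now):
        self.server, self.last_used = server, now
        server["binds"] += 1                    # every new connection pays a bind

    def alive(self, now):
        return now - self.last_used <= IDLE_LIMIT

    def search(self, now):
        if not self.alive(now):                 # idle disconnect, seen only on next use
            raise ConnectionError("connection terminated")
        self.last_used = now
        return self.server["name"]

class Client:
    def __init__(self, servers, reconnect, idle_timeout=None):
        self.servers, self.reconnect, self.idle_timeout = servers, reconnect, idle_timeout
        self.index, self.conn = 0, None

    def tick(self, now):
        c = self.conn
        if c and self.idle_timeout is not None and now - c.last_used >= self.idle_timeout:
            self.conn = None                    # client closes first, freeing the server slot
        if self.conn and self.conn.alive(now):
            self.conn.server["held"] += 1       # server still holds this connection

    def request(self, now):
        if self.conn is None:
            self.conn = Conn(self.servers[self.index], now)
        try:
            return self.conn.search(now)
        except ConnectionError:
            if not self.reconnect:              # treat as "server unavailable": fail over
                self.index = (self.index + 1) % len(self.servers)
            self.conn = Conn(self.servers[self.index], now)
            return self.conn.search(now)

def run(reconnect, idle_timeout=None, requests=(0, 10, 500, 510), step=10, end=520):
    servers = [{"name": n, "binds": 0, "held": 0} for n in ("ldap1", "ldap2")]
    client = Client(servers, reconnect, idle_timeout)
    answers = []
    for now in range(0, end, step):
        if now in requests:
            answers.append(client.request(now))
        client.tick(now)
    return answers, [s["binds"] for s in servers], sum(s["held"] for s in servers)
```

`run()` returns the server that answered each request, the bind count per server, and the number of 10-second steps during which a server held the client's connection open.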