On Thu, 2011-10-06 at 18:24 +0200, Ondrej Valousek wrote:
> Confirmed - the default timeout for idle LDAP connections is set to 900
> seconds on AD based ldap servers - so we should be able to close the
> connection after some time if nothing else is needed (just to conserve
> resources, if not for anything else...).

Well, the real issue here is that the openldap client libraries that
we're using are returning a generic error instead of reporting that the
connection was terminated.
We don't really want to implement an internal timeout (we actually
retain the connection on purpose, so we don't have to go through the
slow ldap bind on every request). What we want is to be able to notice
that we received an idle disconnect from the server and reconnect
(rather than doing what we do now, which is treat it as if the server
has become unavailable and fail over to the next one).