Subject: RE: Saslauthd/LDAP timeout problems
From: Kevin M. Myer (kevin_myer at iu13 dot org)
Date: Tue Feb 04 2003 - 12:05:39 EST
I can see how this would work but I agree its non-optimal. Does
ldap_search_st time from the start of the search or from the start of the LDAP
server's acknowledgement of the search? In other words, if I try to reuse a
connection but a server never responds, will I ever generate a LDAP_TIMEOUT?
I'm guessing its from the time that the function is called, not from the time
the server starts the search...
Regarding caching, I was always under the impression (from the OpenLDAP folks)
that caching functions were broken or extremely buggy and not to use them. Has
that changed recently?
> ----- Message from ramr at inflectiontech dot com ---------
> I have had the same problem and made the following changes in lak.c. I moved
> the LDAP_TIMEOUT and LDAP_TIMELIMIT_EXCEEDED cases down to the next case
> block where it tears down and starts up a new connection on failure.
> This is non-optimal as the teardown destroys the cache but it appears to
> have fixed the problem for us. I'm skeptical that the LDAP caching feature
> is useful anyway- the ldap_bind process is obviously not cached so the
> saslauthd still has to connect to the LDAP server at least once.
> I also suspect this is a TCP keepalive related. The problem never manifests
> itself multiple times on the same daemon process over a few hours of time.
> Ram Rajadhyaksha
> Inflection Technology, LLC
-- Kevin M. Myer Systems Administrator Lancaster-Lebanon Intermediate Unit 13 (717) 560-6140