https://bugs.openldap.org/show_bug.cgi?id=10268
Issue ID: 10268 Summary: Operation rate limiting Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs@openldap.org Reporter: chris.paul@rexconsulting.net Target Milestone: ---
Please consider this request for enhancement. It would be very useful for slapd to have some basic rate limiting per connection or per IP. The monitorConnectionsOpsCompleted counts are available in cn=monitor. A dependency of cn=monitor seems reasonable.
https://bugs.openldap.org/show_bug.cgi?id=10268
--- Comment #1 from Howard Chu hyc@openldap.org --- slapd already has per-connection limits. Any connection is only allowed up to half of slapd's threads in operations at any given time.
https://bugs.openldap.org/show_bug.cgi?id=10268
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Keywords|needs_review | Target Milestone|--- |2.7.0
--- Comment #2 from Quanah Gibson-Mount quanah@openldap.org --- May be worth introducing thresholds for queue times to the code base.
https://bugs.openldap.org/show_bug.cgi?id=10268
--- Comment #3 from Ondřej Kuzník ondra@mistotebe.net --- You can always submit an overlay that tracks requests and enforces a rate-limit. That's probably better than adding functionality into slapd itself (and no dependency on cn=monitor, etc. would be needed).
Happy to guide you if you decide to go this route.
-
openldap-its@openldap.org