Re: Question: back-ldap connection retrying and rebinding necessary?
Tero Saarni wrote:
Hi,
As a user of slapd-ldap I've bumped into few corner cases related to handling
retries and timeouts [1][2][3][4]. I think it demonstrates how non-trivial
problem proxying really is, even if it might seem quite simple for casual user
at first. While working with a patch for [1] I was wondering following:
My use case:
I have many proxies in the network: one per Kubernetes cluster, but large
number of clusters in the network. I'd like to reduce the number of long-
running connections to centralized server to the absolute minimum. The number
of concurrent TCP connections handled by the remote LDAP server is the
bottleneck. Optimally, all connections should be dropped as soon as client
is done with the LDAP query.
In any heavily loaded environment you'll find that connection establishment
becomes serious overhead in itself. Thus it's better to aim for longer lived
connections that get reused as much as possible.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/