On 12/27/18 6:04 AM, Howard Chu wrote:
The client is closing the connection before slapd has finished sending the response.
Doesn't really mean anything, besides poorly written clients on your network.

1. I've seen this a lot. I would say that over half of all client software LDAP interfaces I've seen do not UNBIND, then close the connection with a FIN, FINACK handshake (TCP client close).

I do not know of any impact on a server level; it just seems slopping to have in the logs, asking people to explain something that may not even be a problem. But I wonder what if any negative impact, let's say if whatever effect was multiplied many times? Clients still have to wait for 2MSL when they do a clean and proper UNBIND + TCP 3way handshake termination. Unless I am mistaken in my understanding of TCP, closing LDAP connections on a frequent basis always has some minor impact, even in the best situations, in that you have a temporarily unusable client port waiting for 2MSL to be able to be used again. Theoretically you could run out of client ports with an extremely (60K+) number of connections. This number of connections is ridiculous though, so this antipattern case may not be realistic at all.

2. I also see a lot of clients that unnecessarily open new connections and close them for every lookup (SEARCH), impolitely or politely with UNBIND/ldap.close() and this is a certain impact that multiplies and can be easily avoided by reusing connections.


Chris Paul
Rex Consulting, Inc
5652 Florence Terrace, Oakland, CA 94611
email: chris.paul@rexconsulting.net
web: http://www.rexconsulting.net
phone, toll-free: +1 (888) 403-8996 ext 1