"Tero Saarni" tero.saarni@est.tech schrieb am 26.11.2020 um 09:48 in
Nachricht 20201126084819.798.54576@hypatia.openldap.org:
Hi,
I understood from slapd-ldap(5) description of "idle-timeout" that cached connections towards remote LDAP server would be automatically dropped after <time> seconds.
Problem: cached connections that are idle do not get dropped.
It may depend on the version, but for us it worked. How did you check that it doesn't work?
Questions:
(1) Is this expected?
(2) Are idle connections kept due to limitation in the implementation: when connection is idle, back-ldap does not have a trigger that could be used to drop idle connections?
Background:
While experimenting with this, it seems that idle timeout is only checked when there is new activity towards the cached connection i.e. connection needs to become active before idle timeout is checked. If the connection just remains idle, nothing will happen.
I'm trying to study the timeout handling in back-ldap code, and I believe I found relevant code at the end of ldap_back_getconn() in bind.c. It will eventually trigger unbind and disconnect, but only when new activity happens after the idle period is reached. I did not find other paths that could trigger unbind of cached connection.
-- Tero