Howard Chu wrote:
So generally, if a load balancer or other traffic shaper is in use that closes connections silently, set a keepalive. Overall the idle timeout has little purpose for back-ldap connections.
Thinking about it some more, there is a valid use case - if you know that a firewall will silently close connections after some time, you can set the idletimeout to a shorter time to prevent it from trying to use a connection that would have died.
From what I can see, the proxy will still try to use the connection that has died. ldap_back_getconn() just marks the connection for deletion. From the comment in bind.c:
/* let it be used, but taint/delete it so that no-one else can look it up any further */
Since the TCP connection does not exist, the remote server will just respond with a TCP RST and, thanks to retry fix #9400, a new connection will be created immediately and the operation will succeed.
I wonder if anyone is already looking at adding a task to check for idle connections? If not, I could try, though I'm unsure if that would result in anything and I would certainly need some hand-holding :)
-- Tero