On 12/27/18 6:04 AM, Howard Chu wrote:
The client is closing the connection before slapd has finished
sending the response.
Doesn't really mean anything, besides poorly written clients on your network.
1. I've seen this a lot. I would say that over half of all client
software LDAP interfaces I've seen do not UNBIND, then close the
connection with a FIN, FINACK handshake (TCP client close).
I do not know of any impact on a server level; it just seems slopping to
have in the logs, asking people to explain something that may not even
be a problem. But I wonder what if any negative impact, let's say if
whatever effect was multiplied many times? Clients still have to wait
for 2MSL when they do a clean and proper UNBIND + TCP 3way handshake
termination. Unless I am mistaken in my understanding of TCP, closing
LDAP connections on a frequent basis always has some minor impact, even
in the best situations, in that you have a temporarily unusable client
port waiting for 2MSL to be able to be used again. Theoretically you
could run out of client ports with an extremely (60K+) number of
connections. This number of connections is ridiculous though, so this
antipattern case may not be realistic at all.
2. I also see a lot of clients that unnecessarily open new connections
and close them for every lookup (SEARCH), impolitely or politely with
UNBIND/ldap.close() and this is a certain impact that multiplies and can
be easily avoided by reusing connections.
Rex Consulting, Inc
5652 Florence Terrace, Oakland, CA 94611
phone, toll-free: +1 (888) 403-8996 ext 1