Hello, I have a question, lets say i have web application with ldap authentication. User that log in to page opens new LDAP connection, our LDAP also holds some security attributes per application and they are verified for certain app operations, so connections remains open for a whole time. Question is when user close web browser or suddenly disconnects, will this connection be timed out and closed by server?
Marcin
Marcin S wrote:
I have a question, lets say i have web application with ldap authentication. User that log in to page opens new LDAP connection, our LDAP also holds some security attributes per application and they are verified for certain app operations, so connections remains open for a whole time. Question is when user close web browser or suddenly disconnects, will this connection be timed out and closed by server?
Anyway you're web application has to handle the case that users just close the browser but not the session since there are probably more resources bound by the web session.
Purely for the LDAP server part you probably want to set idletimeout.
From slapd.conf(5):
idletimeout <integer> Specify the number of seconds to wait before forcibly closing an idle client connection. A idletimeout of 0 disables this feature. The default is 0. You may also want to set the writetimeout option.
Ciao, Michael.
On 5/3/2012 2:09 μμ, Marcin S wrote:
I have a question, lets say i have web application with ldap authentication. User that log in to page opens new LDAP connection, our LDAP also holds some security attributes per application and they are verified for certain app operations, so connections remains open for a whole time. Question is when user close web browser or suddenly disconnects, will this connection be timed out and closed by server?
From slapd.conf man:
idletimeout <integer> Specify the number of seconds to wait before forcibly closing an idle client connection. A idletimeout of 0 disables this feature. The default is 0. You may also want to set the writetimeout option.
A web app is a single client to ldap server, no matter how many http clients there are to the web app.
Regards, Nick
2012/3/5 Michael Ströder michael@stroeder.com:
Marcin S wrote:
I have a question, lets say i have web application with ldap authentication. User that log in to page opens new LDAP connection, our LDAP also holds some security attributes per application and they are verified for certain app operations, so connections remains open for a whole time. Question is when user close web browser or suddenly disconnects, will this connection be timed out and closed by server?
Anyway you're web application has to handle the case that users just close the browser but not the session since there are probably more resources bound by the web session.
Yes, but sometimes it can't be done, like user disconnected, client computer hangs etc..
Purely for the LDAP server part you probably want to set idletimeout.
From slapd.conf(5):
idletimeout <integer> Specify the number of seconds to wait before forcibly closing an idle client connection. A idletimeout of 0 disables this feature. The default is 0. You may also want to set the writetimeout option.
Thanks for pointing this :)
A web app is a single client to ldap server, no matter how many http clients there are to the web app.
Hmm, i dont think that's true im my case. I'm using ruby gem for LDAP handling and if user logins new connection object instance is created with his credentials.
Marcin
openldap-technical@openldap.org