>> Quanah Gibson-Mount <quanah(a)symas.com> schrieb am
01.12.2020 um 21:15 in
‑‑On Tuesday, December 1, 2020 8:20 AM +0000 Tero Saarni
> I tested only with recent releases and git master, not with very old
> versions since they are bit harder to compile with modern distros. But I
> have compared the code from a random historical release. It seems to be
> the same as today.
> Quanah also replied "back‑ldap likely needs a task to check for idle
> connections" so I'm bit puzzled if this has worked previously. Maybe
> ldap_back_getconn() can be called in some other scenario also without
> having traffic from client towards the proxy?
Howard specifically said the following while I was discussing with him:
The current idletimeout code in there is pretty useless. It checks the
timestamp the next time a conn is referenced, so if it's never referenced,
the idle timeout never has any effect. If the conn *is* referenced ‑ you
should just use the conn, instead of killing it.
So generally, if a load balancer or other traffic shaper is in use that
closes connections silently, set a keepalive. Overall the idle timeout has
little purpose for back‑ldap connections.
Having written an app myself that had the same problem, I just added a timeout
thread that watches the time of last activity for each registered connection
(which is a thread in my app). If the last activity is too old, the connection
In OpenLDAP the monitor database shows there is a
monitorConnectionActivityTime, so I can imagine this could be fixed ;-)
Packaged, certified, and supported LDAP solutions powered by OpenLDAP: