IdP use of LDAP and connection pooling

[Cantor, Scott]

Is there any conventional wisdom or experience with the use of connection
pooling in the IdP data connectors for LDAP, and specifically AD?

We're expanding use of LDAP as a data source, but my expertise lies
heavily on the RDBMS side and how the pooling behaves there. I did some
initial playing around adding a connection pool and am seeing what I kind
of expected, which is constant LDAP connection resets when the pools
validate when connections are idle.

I'm just wondering these kinds of things:

- are pools necessary to get reasonable performance on highly loaded IdPs?
- do they handle failed connections reasonably without ever surfacing them
as actual data connector failures?
- are there ways to maintain connections and avoid the timeouts from the
client end?
- is pool validation even needed, or does it just retry on failures and
handle things gracefully?

I use LDAP as a secondary source right now, with no pooling yet, and it's
basically fine, though I don't know the actual load on the AD servers.
Last thing I want is to add pooling and have it cause failures (which
poorly implemented RDBMS pools do cause).

-- Scott