IdP use of LDAP and connection pooling

Daniel Fisher dfisher at vt.edu
Thu Sep 8 21:10:39 BST 2011


On Thu, Sep 8, 2011 at 3:10 PM, Cantor, Scott <cantor.2 at osu.edu> wrote:

> On 9/8/11 3:02 PM, "Jim Fox" <fox at washington.edu> wrote:
> >
> >We use connection pooling for all our accesses to LDAP.  We use TLS, and
> >the overhead of starting up a new session on each query seemed excessive
> >to me.  Our openldap servers keep the sessions open all day.
>
> Are you using any of the validation options in the pooling element? I see
> the retry count defaults to 1 inside the vt-ldap code, so I'm sure no
> matter what I do, it's just going to drop the failed connection and retry.
> With some cases like that, the problem is if the closed connection hangs
> (very common with database pools) but these don't seem to.
>
>
The most common hangs we've seen and heard about are caused by hardware load
balancers that don't send resets to both client and server. I haven't tested
the read timeout that Ryan mentioned, but typically setting a timeLimit and
doing validation will work around that issue.

--Daniel Fisher