IdP use of LDAP and connection pooling

Daniel Fisher dfisher at
Thu Sep 8 21:10:39 BST 2011

On Thu, Sep 8, 2011 at 3:10 PM, Cantor, Scott <cantor.2 at> wrote:

> On 9/8/11 3:02 PM, "Jim Fox" <fox at> wrote:
> >
> >We use connection pooling for all our accesses to LDAP.  We use TLS, and
> >the overhead of starting up a new session on each query seemed excessive
> >to me.  Our openldap servers keep the sessions open all day.
>
> Are you using any of the validation options in the pooling element? I see
> the retry count defaults to 1 inside the vt-ldap code, so I'm sure no
> matter what I do, it's just going to drop the failed connection and retry.
> With some cases like that, the problem is if the closed connection hangs
> (very common with database pools) but these don't seem to.

The most common hangs we've seen and heard about are caused by hardware load
balancers that don't send resets to both client and server. I haven't tested
the read timeout that Ryan mentioned, but typically setting a timeLimit and
doing validation will work around that issue.

--Daniel Fisher