IdP use of LDAP and connection pooling

Cantor, Scott cantor.2 at
Thu Sep 8 21:33:20 BST 2011

On 9/8/11 4:27 PM, "Eric Goodman" <ericg at> wrote:
>We had that problem (hardware LB killing connections), and it was pretty
>ugly. We only use the connection pooling for retrieving attributes, so
>the behavior we saw was that you'd log in, and if it had been more than
>an hour (or whatever the LB timeout was) since the previous login, your
>SAML assertion to the SP just returned no data.

That at least does not seem to happen. It's not hung when the connections
are stale, just doesn't seem to make much use of the pool. I am obviously
much more concerned about my IdP than the AD server, so if they can handle
the load, I don't much care.

> This was with an older version of the IdP (2.1.5, right around when
>vt-ldap was first added).
>Due to an unrelated PeopleSoft LDAP-handling bug, we ended up lowering
>the idle timeout on our IdP to on the order of 2 minutes. This
>effectively made the LB timeout handling a non-issue.

Which idle timeout are you referring to, if you don't mind?

-- Scott
