IdP use of LDAP and connection pooling
Daniel Fisher
dfisher at vt.edu
Fri Sep 9 15:02:18 BST 2011
On Thu, Sep 8, 2011 at 4:24 PM, Cantor, Scott <cantor.2 at osu.edu> wrote:
> On 9/8/11 4:14 PM, "Daniel Fisher" <dfisher at vt.edu> wrote:
> >
> >That's sounds very aggressive, and would certainly discourage pooling.
> >Perhaps they don't want you holding connections open? We configure
> >keep-alive on the servers (OpenLDAP, not AD) to encourage it.
>
> There's also a load balancer involved (per your other comment) that could
> be affecting it.
>
> One thing that didn't make sense to me was that the expirationTime setting
> in the connector is documented as causing the pool to eject stale
> connections once they're unused for that length of time. If that's shorter
> than the validation interval, I wouldn't expect the background validator
> to even try those connections and see that they're closed, since they
> should have just expired by then.
>
>
I think that's correct, if I understand what you're saying. A lower
expirationTime will cause those connections to be removed before the
validator even runs. So the connections won't be in the pool and therefore
won't be validated.
--Daniel Fisher
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20110909/93593ba8/attachment.html
More information about the users
mailing list