p:responseTimeout not present in LDAP connections
Youssef GHORBAL
youssef.ghorbal at pasteur.fr
Fri Apr 22 16:02:00 EDT 2016
> On 22 Apr 2016, at 17:24, Daniel Fisher <dfisher at vt.edu> wrote:
>
> On Thu, Apr 21, 2016 at 12:16 PM, Youssef GHORBAL <youssef.ghorbal at pasteur.fr> wrote:
> On the shibboleth side, I was wondering if there is any reasons not setting a default p:responseTimeout on the LDAP connection pools. Maybe there are other non obvious side effects ?
>
> I can't think of any bad side effects. Being an authentication subsystem I think an aggressive timeout is reasonable, something around 3 seconds. Of course, you'll probably be better off fixing the cause of the TCP hangs, but I know that's not always possible. Note that tuning the pool validation settings may also have some value here.
The problem with my particular case is that even pool validation hungs forever (since the LDAP si not responding anyway)
I put a value of 5s and I’ll see how things goes.
Youssef Ghorbal
Institut Pasteur
More information about the users
mailing list