LDAP recovery?

Daniel Fisher dfisher at vt.edu
Thu Apr 11 14:53:15 EDT 2019

On Wed, Apr 10, 2019 at 2:47 PM Paul B. Henson <henson at cpp.edu> wrote:

> I will need to follow up with our network group and test the behavior of
> the load balancer in the scenario. However, a response timeout can
> certainly be caused by an underlying network problem as opposed to an LDAP
> search problem. It seems how to handle it should at the least be a
> configurable option? I know my LDAP servers are not missing any indexes, if
> a query times out it is a transient problem and should be retried before
> considered a hard failure…

If you're using spring to configure the resolver, then it can be configured
to retry on a response timeout. Let me know if that's an option you are
interested in, I can provide some sample XML. But I wouldn't go that route
unless you're already using spring. I think a well behaved load balancer or
simply executing a clean shutdown of the directory before maintenance would
be better improvements.

--Daniel Fisher
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20190411/ded11d85/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6317 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://shibboleth.net/pipermail/users/attachments/20190411/ded11d85/attachment.p7s>

More information about the users mailing list