Bowie Bailey writes:
Sam Varshavchik wrote:Bowie Bailey writes:> Can you give me a bit of insight into how the authdaemon processes > are handling the LDAP connections? Do they ever close them or do > they assume the connection will remain open indefinitely? What I> would assume is this: > > - Each process opens a connection and holds it open. > - When an authentication request comes in, it tries to use the > connection. > - If it fails, the process generates a 450 error and then opens a> new connection for the next request.> > This would mean that whenever an authdaemon process is idle for more> than the LDAP timeout period, I should expect to get an error on the > next incoming email that attempts to use that process. Is that > accurate? That's pretty much it. When no authentication requests arrive for five minutes, all open LDAP connections are closed. For this to happen, though, absolutely nothing needs to happen for five minutes. The thing is that even if requests trickle in every once in a while, each request will go to only one daemon at random; the others will continue to remain idle and hold open connections. I'm curious if the following patch will work, try it with the timeout set back to 30 seconds:That worked! After installing the patch, I cannot recreate the failures. Can you include this with the next release, or will I need to continue patching each upgrade?
I will include this patch.
pgp1eWqIuEiPU.pgp
Description: PGP signature
