Quanah Gibson-Mount wrote:
>
>
> --On Tuesday, December 1, 2020 8:20 AM +0000 Tero Saarni
> <[email protected]> wrote:
>
>> I tested only with recent releases and git master, not with very old
>> versions since they are a bit harder to compile with modern distros. But I
>> have compared the code from a random historical release. It seems to be
>> the same as today.
>>
>> Quanah also replied "back-ldap likely needs a task to check for idle
>> connections" so I'm a bit puzzled if this has worked previously. Maybe
>> ldap_back_getconn() can be called in some other scenario also without
>> having traffic from client towards the proxy?
>
> Howard specifically said the following while I was discussing with him:
>
> -----------
> The current idletimeout code in there is pretty useless. It checks the
> timestamp the next time a conn is referenced, so if it's never referenced,
> the idle timeout never has any effect. If the conn *is* referenced - you
> should just use the conn, instead of killing it.
> -----------
>
> So generally, if a load balancer or other traffic shaper is in use that
> closes connections silently, set a keepalive. Overall the idle timeout has
> little purpose for back-ldap connections.

Thinking about it some more, there is a valid use case - if you know that a
firewall will silently close connections after some time, you can set the
idletimeout to a shorter time to prevent it from trying to use a connection
that would have died.

-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
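
The behaviour discussed in this thread, as an added example that is not part of the original messages and not OpenLDAP source: a simplified model of an idle timeout that is only checked when the connection is next referenced. The function name `simulate`, the request times and the 240 s / 300 s values are constructed for illustration.

```c
#include <stdio.h>

/* Simplified model of a lazily checked idle timeout; not OpenLDAP source. */
struct stats { int live_reuse, dead_reuse, expired; };

/* req[] holds the times (seconds) at which a client request references the
 * single cached proxy-to-backend connection, opened at t=0.
 * idle_timeout == 0 disables the check. fw_timeout is the assumed idle
 * period after which a firewall silently drops the flow. */
static struct stats simulate(const long *req, int n,
                             long idle_timeout, long fw_timeout)
{
    struct stats s = {0, 0, 0};
    long last_used = 0;

    for (int i = 0; i < n; i++) {
        long idle = req[i] - last_used;
        /* The timestamp is examined only here, when the conn is referenced. */
        if (idle_timeout > 0 && idle >= idle_timeout)
            s.expired++;      /* stale conn discarded, fresh one opened */
        else if (idle >= fw_timeout)
            s.dead_reuse++;   /* request sent into a silently dropped flow */
        else
            s.live_reuse++;
        /* Modelled as: a usable conn exists after this request, either
         * freshly opened or re-established after the failure. */
        last_used = req[i];
    }
    return s;
}

static void show(const char *label, struct stats s)
{
    printf("%-26s live=%d dead=%d expired=%d\n",
           label, s.live_reuse, s.dead_reuse, s.expired);
}

int main(void)
{
    const long req[] = {100, 500, 550};  /* constructed: a 400 s quiet gap */

    show("no idle timeout:", simulate(req, 3, 0, 300));
    show("idle timeout < firewall:", simulate(req, 3, 240, 300));
    show("conn never referenced:", simulate(req, 0, 240, 300));
    return 0;
}
```

With no requests at all the expiry count stays at zero, which is the "never has any effect" case; a keepalive, as suggested in the quoted message, addresses that case because it does not depend on client traffic.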
