Howard Chu wrote: >> So generally, if a load balancer or other traffic shaper is in use that >> closes connections silently, set a keepalive. Overall the idle timeout has >> little >> purpose for back-ldap connections. > > Thinking about it some more, there is a valid use case - if you know that > a firewall will silently close connections after some time, you can set > the idletimeout to a shorter time to prevent it from trying to use a > connection that would have died.
>From what I can see, proxy will still try to use the connection that has died. > ldap_back_getconn() just marks the connection for deletion. From the comment >in bind.c: /* let it be used, but taint/delete it so that no-one else can look it up any further */ Since the TCP connection does not exist, the remote server will just respond TCP RST and thanks to retry fix #9400 a new connection will be created immediately and the operation will succeed. I wonder if anyone is already looking at adding a task to check for idle connections? If not, I could try, though I'm unsure if that would result in anything and I would certainly need some hand-holding :) -- Tero
