[Fedora-directory-users] directory server setting fail toterminate idle connections
Rob Crittenden
rcritten at redhat.com
Tue Aug 14 12:31:27 UTC 2007
Brian Fender wrote:
> This is actually an apache webserver making the connections to directory
> server. What I see through tcpdump and netstat is that apache creates
> an LDAP connection to perform a search, and the connection sits idle for
> hours in established state. The webserver eventually re-uses the random
> port it made the initial request on to talk to a client, so the LDAP
> connection no longer shoes up as established on the client side. On the
> server side, however, it still shows the connection as established
> forever. There are many other apache children talking to the same LDAP
> server in parallel, and the number of open filehandles constantly
> increases.
>
>
>
> I realize that it is possible that the webserver is not properly tearing
> the connection down or a firewall may be blocking it, but shouldn’t the
> server application notice that that connection was idle for more than
> 20min and time it out anyway?
>
You want Apache to keep the connections open. It creates a pool of LDAP
connections to use for all authentication. TCP/IP connections are
expensive so it keeps them open to issue search and bind requests when
doing authentication.
There may be a bug in the pooling code but how many connections are we
talking about?
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20070814/e1be99fd/attachment.bin>
More information about the Fedora-directory-users
mailing list