[Fedora-directory-users] directory server setting fail to terminate idle connections
Brian Fender
FenderB at gsicommerce.com
Tue Aug 14 15:04:47 UTC 2007
With a lightly used, it takes about two weeks to hit 8000 connections.
The number of connections does constantly drop, however not nearly as
fast as it increases. I would expect it to level off at some point, but
this never happens.
I believe that the reason it is creating new connections is because the
apache processes are hitting max-requests-per-child and respawning
before they ever have a need to re-use their LDAP connection. I think
the connection is being closed on the client side at this point, and
when another LDAP request actually comes in it makes a new connection.
The apache server is extremely busy, it just rarely talks to the LDAP
server.
-----Original Message-----
From: fedora-directory-users-bounces at redhat.com
[mailto:fedora-directory-users-bounces at redhat.com] On Behalf Of Rob
Crittenden
Sent: Tuesday, August 14, 2007 8:31 AM
To: General discussion list for the Fedora Directory server project.
Subject: Re: [Fedora-directory-users] directory server setting fail
to terminate idle connections
Brian Fender wrote:
> This is actually an apache webserver making the connections to
> directory server. What I see through tcpdump and netstat is that
> apache creates an LDAP connection to perform a search, and the
> connection sits idle for hours in established state. The webserver
> eventually re-uses the random port it made the initial request on to
> talk to a client, so the LDAP connection no longer shows up as
> established on the client side. On the server side, however, it still
> shows the connection as established forever. There are many other
> apache children talking to the same LDAP server in parallel, and the
> number of open filehandles constantly increases.
>
> I realize that it is possible that the webserver is not properly
> tearing the connection down or a firewall may be blocking it, but
> shouldn't the server application notice that that connection was idle
> for more than 20min and time it out anyway?
>
You want Apache to keep the connections open. It creates a pool of LDAP
connections to use for all authentication. TCP/IP connections are
expensive so it keeps them open to issue search and bind requests when
doing authentication.
There may be a bug in the pooling code but how many connections are we
talking about?
rob