[Freeipa-devel] SASL whoami
Simo Sorce
ssorce at redhat.com
Thu Oct 11 21:51:16 UTC 2007
On Thu, 2007-10-11 at 17:10 -0400, Rob Crittenden wrote:
> The connection pool has a fairly big problem with it. When a connection
> goes away, it doesn't currently see that and returns a failure rather
> than reconnecting. These connections can go away if FDS restarts, for
> example. Or the connection times out or we're hit by gamma rays, who knows.
>
> Trying to figure out where this failure is occurring and retrying the
> operation will be fairly difficult (for every LDAP operation basically).
>
> Instead what I've tried to do is run a quick operation on the connection
> when I pull it out of the pool. If it is bad I can easily make a new one.
>
> I wanted an LDAP operation that wasn't going to stress the server at
> all. There is an extended operation whoami so you can find out who is
> authenticated on this connection.
>
> Using this I can see whether the connection is alive or not and it
> actually works fairly well.
>
> The problem is that FDS doesn't implement it, so an error is logged. It
> isn't a big deal in my mind and in fact the operation is probably quite
> swift ("Do I have this extop? Nope, return.").
>
> So, we have several options:
>
> 1. Go with my current uncommitted patch and use an unimplemented extop
> to test the connection.
> 2. Go with the current uncommitted patch AND write a quickie plugin that
> does whoami.
> 3. Try something else altogether, such as catching ldap.SERVER_DOWN
> everywhere and trying again.
3. FDS can restart just after your operation has happened and you are
still in trouble, only you are going to add tons of unnecessary
operations and still not able to retry the right one.
Simo.
More information about the Freeipa-devel
mailing list