[Freeipa-devel] SASL whoami

Rob Crittenden rcritten at redhat.com
Thu Oct 11 21:10:37 UTC 2007


The connection pool has a fairly big problem with it. When a connection 
goes away, it doesn't currently see that and returns a failure rather 
than reconnecting. These connections can go away if FDS restarts, for 
example. Or the connection times out or we're hit by gamma rays, who knows.

Trying to figure out where this failure is occurring and retrying the 
operation will be fairly difficult (for every LDAP operation basically).

Instead what I've tried to do is run a quick operation on the connection 
when I pull it out of the pool. If it is bad I can easily make a new one.

I wanted an LDAP operation that wasn't going to stress the server at 
all. There is an extended operation whoami so you can find out who is 
authenticated on this connection.

Using this I can see whether the connection is alive or not and it 
actually works fairly well.

The problem is that FDS doesn't implement it, so an error is logged. It 
isn't a big deal in my mind and in fact the operation is probably quite 
swift ("Do I have this extop? Nope, return.").

So, we have several options:

1. Go with my current uncommitted patch and use an unimplemented extop 
to test the connection.
2. Go with the current uncommitted patch AND write a quickie plugin that 
does whoami.
3. Try something else altogether, such as catching ldap.SERVER_DOWN 
everywhere and trying again.

rob
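
The check-on-checkout approach described in the message above, as an added example that is not part of the original post or FreeIPA's code. `CheckedPool`, `FakeConn`, `ServerDown` and `ProtocolError` are hypothetical names; the two exception classes stand in for python-ldap's `ldap.SERVER_DOWN` and for the error a server returns for an unimplemented extop, so the sketch runs without a directory server. It shows option 1: an error reply to whoami still proves the connection is alive, and only a transport failure causes a replacement.

```python
import collections

class ServerDown(Exception):
    """Stand-in for ldap.SERVER_DOWN (transport failure); assumption for offline use."""
class ProtocolError(Exception):
    """Stand-in for the error returned when the server lacks the extop."""

class CheckedPool:
    """Probes each idle connection on checkout and replaces dead ones."""

    def __init__(self, factory, probe, dead=(ServerDown,), answered=(ProtocolError,)):
        self._factory = factory    # callable returning a new, bound connection
        self._probe = probe        # cheap operation, e.g. lambda c: c.whoami_s()
        self._dead = dead          # errors meaning the transport is gone
        self._answered = answered  # errors meaning the server replied anyway
        self._idle = collections.deque()
        self.replaced = 0          # count of dead connections discarded

    def _alive(self, conn):
        try:
            self._probe(conn)
        except self._dead:
            return False
        except self._answered:
            return True            # "Do I have this extop? Nope" is still a reply
        return True

    def get(self):
        # Discard dead idle connections until a live one is found.
        while self._idle:
            conn = self._idle.popleft()
            if self._alive(conn):
                return conn
            self.replaced += 1
        return self._factory()

    def put(self, conn):
        self._idle.append(conn)

class FakeConn:
    """Constructed test double for an LDAP connection (not a real client)."""
    def __init__(self, supports_whoami=False):
        self.up = True
        self.supports_whoami = supports_whoami
    def whoami_s(self):
        if not self.up:
            raise ServerDown()
        if not self.supports_whoami:
            raise ProtocolError("unsupported extended operation")
        return "dn:uid=admin"      # constructed sample identity
```

With python-ldap the probe would be `lambda c: c.whoami_s()` and `dead` would be `(ldap.SERVER_DOWN,)`; which exception class an unimplemented extop raises depends on the server and is an assumption here.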