[Freeipa-devel] SASL whoami
Richard Megginson
rmeggins at redhat.com
Thu Oct 11 21:21:11 UTC 2007
Rob Crittenden wrote:
> The connection pool has a fairly big problem with it. When a
> connection goes away, it doesn't currently see that and returns a
> failure rather than reconnecting. These connections can go away if FDS
> restarts, for example. Or the connection times out or we're hit by
> gamma rays, who knows.
>
> Trying to figure out where this failure is occurring and retrying the
> operation will be fairly difficult (for every LDAP operation basically).
>
> Instead what I've tried to do is run a quick operation on the
> connection when I pull it out of the pool. If it is bad I can easily
> make a new one.
>
> I wanted an LDAP operation that wasn't going to stress the server at
> all. There is an extended operation whoami so you can find out who is
> authenticated on this connection.
>
> Using this I can see whether the connection is alive or not and it
> actually works fairly well.
>
> The problem is that FDS doesn't implement it, so an error is logged.
> It isn't a big deal in my mind and in fact the operation is probably
> quite swift ("Do I have this extop? Nope, return.").
>
> So, we have several options:
>
> 1. Go with my current uncommitted patch and use an unimplemented extop
> to test the connection.
> 2. Go with the current uncommitted patch AND write a quickie plugin
> that does whoami.
> 3. Try something else altogether, such as catching ldap.SERVER_DOWN
> everywhere and trying again.
Instead of the extop, could just query the root DSE?
>
> rob
> ------------------------------------------------------------------------
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20071011/3693c029/attachment.bin>
More information about the Freeipa-devel
mailing list