[Freeipa-devel] SASL whoami

Rob Crittenden rcritten at redhat.com
Thu Oct 11 21:55:43 UTC 2007


Simo Sorce wrote:
> On Thu, 2007-10-11 at 17:10 -0400, Rob Crittenden wrote:
>> The connection pool has a fairly big problem with it. When a connection 
>> goes away, it doesn't currently see that and returns a failure rather 
>> than reconnecting. These connections can go away if FDS restarts, for 
>> example. Or the connection times out or we're hit by gamma rays, who knows.
>>
>> Trying to figure out where this failure is occurring and retrying the 
>> operation will be fairly difficult (for every LDAP operation basically).
>>
>> Instead what I've tried to do is run a quick operation on the connection 
>> when I pull it out of the pool. If it is bad I can easily make a new one.
>>
>> I wanted an LDAP operation that wasn't going to stress the server at 
>> all. There is an extended operation whoami so you can find out who is 
>> authenticated on this connection.
>>
>> Using this I can see whether the connection is alive or not and it 
>> actually works fairly well.
>>
>> The problem is that FDS doesn't implement it, so an error is logged. It 
>> isn't a big deal in my mind and in fact the operation is probably quite 
>> swift ("Do I have this extop? Nope, return.").
>>
>> So, we have several options:
>>
>> 1. Go with my current uncommitted patch and use an unimplemented extop 
>> to test the connection.
>> 2. Go with the current uncommitted patch AND write a quickie plugin that 
>> does whoami.
>> 3. Try something else altogether, such as catching ldap.SERVER_DOWN 
>> everywhere and trying again.
> 
> 3. FDS can restart just after your operation has happened and you are
> still in trouble, only you are going to add tons of unnecessary
> operations and still not able to retry the right one.
> 
> Simo.
> 

I'm trying to handle the most common cases. The current code will not 
work. We can alternatively rebind with every request; that will also 
detect the loss of connectivity. That just seems like overkill.

I'm happy with a best-effort. If FDS is restarting in the middle of 
things a few client errors are probably the least of our troubles.

rob
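
The probe-on-checkout idea discussed in this thread, as an added example that is not part of the original message or of FreeIPA's code. `FakeConn`, `ServerDown` (a stand-in for `ldap.SERVER_DOWN`) and `Pool` are hypothetical names, and the single retry in `run` is one way to cover the restart-after-probe case raised in the quoted reply.

```python
import queue

class ServerDown(Exception):
    """Stand-in for ldap.SERVER_DOWN so this runs without python-ldap."""

class FakeConn:
    """Constructed stand-in for an LDAP connection; `alive` models the socket."""
    def __init__(self):
        self.alive = True
    def _check(self):
        if not self.alive:
            raise ServerDown()
    def whoami_s(self):            # cheap probe, like the whoami extended op
        self._check()
        return "dn:uid=admin,dc=example,dc=com"
    def search_s(self, base):      # any real operation
        self._check()
        return [base]

class Pool:
    def __init__(self, factory):
        self.factory = factory     # callable that opens and binds a connection
        self.idle = queue.LifoQueue()
        self.reconnects = 0

    def checkout(self):
        try:
            conn = self.idle.get_nowait()
        except queue.Empty:
            return self.factory()
        try:
            conn.whoami_s()        # probe before handing the connection out
        except ServerDown:
            self.reconnects += 1
            conn = self.factory()  # stale connection: replace it
        return conn

    def run(self, op):
        """Probe on checkout, then retry once if the server drops mid-operation."""
        conn = self.checkout()
        try:
            result = op(conn)
        except ServerDown:         # retry is only safe for idempotent operations
            self.reconnects += 1
            conn = self.factory()
            result = op(conn)
        self.idle.put(conn)        # return the working connection to the pool
        return result
```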