[Freeipa-devel] SASL whoami

Pete Rowley prowley at redhat.com
Thu Oct 11 22:01:12 UTC 2007


Rob Crittenden wrote:
> Simo Sorce wrote:
>> On Thu, 2007-10-11 at 17:10 -0400, Rob Crittenden wrote:
>>> The connection pool has a fairly big problem with it. When a 
>>> connection goes away, it doesn't currently see that and returns a 
>>> failure rather than reconnecting. These connections can go away if 
>>> FDS restarts, for example. Or the connection times out or we're hit 
>>> by gamma rays, who knows.
>>>
>>> Trying to figure out where this failure is occurring and retrying 
>>> the operation will be fairly difficult (for every LDAP operation 
>>> basically).
>>>
>>> Instead what I've tried to do is run a quick operation on the 
>>> connection when I pull it out of the pool. If it is bad I can easily 
>>> make a new one.
>>>
>>> I wanted an LDAP operation that wasn't going to stress the server at 
>>> all. There is an extended operation whoami so you can find out who 
>>> is authenticated on this connection.
>>>
>>> Using this I can see whether the connection is alive or not and it 
>>> actually works fairly well.
>>>
>>> The problem is that FDS doesn't implement it, so an error is logged. 
>>> It isn't a big deal in my mind and in fact the operation is probably 
>>> quite swift ("Do I have this extop? Nope, return.").
>>>
>>> So, we have several options:
>>>
>>> 1. Go with my current uncommitted patch and use an unimplemented 
>>> extop to test the connection.
>>> 2. Go with the current uncommitted patch AND write a quickie plugin 
>>> that does whoami.
>>> 3. Try something else altogether, such as catching ldap.SERVER_DOWN 
>>> everywhere and trying again.
>>
>> 3. FDS can restart just after your operation has happened and you are
>> still in trouble, only you are going to add tons of unnecessary
>> operations and still not able to retry the right one.
>>
>> Simo.
>>
>
> I'm trying to handle the most common cases. The current code will not 
> work. We can alternatively rebind with every request, that will also 
> detect the loss of connectivity. That just seems like overkill.
>
> I'm happy with a best-effort. If FDS is restarting in the middle of 
> things a few client errors are probably the least of our troubles.

How about a keep-alive thread that adds fresh activity on each 
connection every minute or so and fixes up dead connections? Then we 
can keep this business out of the main loop.

-- 
Pete
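
The two approaches discussed in this thread, probing a connection on checkout and a keep-alive pass over idle connections, shown side by side as an added example that is not part of the original posts or of FreeIPA's code. `Pool`, `FakeConn`, `DeadConnection` and `probe()` are hypothetical names; with python-ldap the probe could be a cheap call such as `whoami_s()`.

```python
import threading

class DeadConnection(Exception):
    """Stand-in for a transport error such as ldap.SERVER_DOWN."""

class FakeConn:
    """Constructed test double; probe() stands in for a cheap LDAP request."""
    def __init__(self):
        self.alive = True

    def probe(self):
        if not self.alive:
            raise DeadConnection()

class Pool:
    def __init__(self, connect, size=2):
        self._connect = connect          # factory returning a new connection
        self._lock = threading.Lock()
        self._idle = [connect() for _ in range(size)]
        self.replaced = 0                # dead connections swapped out so far

    def _fresh(self, conn):
        """Return conn if its probe succeeds, otherwise a replacement."""
        try:
            conn.probe()
            return conn
        except DeadConnection:
            self.replaced += 1
            return self._connect()

    def acquire(self):  # probe on checkout: the check runs in the request path
        with self._lock:
            conn = self._idle.pop() if self._idle else self._connect()
        return self._fresh(conn)

    def release(self, conn):
        with self._lock:
            self._idle.append(conn)

    def sweep(self):  # keep-alive pass: probes idle connections outside the lock
        with self._lock:
            idle, self._idle = self._idle, []
        checked = [self._fresh(c) for c in idle]
        with self._lock:
            self._idle.extend(checked)

    def keepalive(self, interval, stop):  # thread target; stop is a threading.Event
        while not stop.wait(interval):
            self.sweep()
```

Neither path removes the window Simo points out: a connection that passes the probe can still fail on the next real operation, so callers still have to handle that error.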
