Brian Fender wrote:
> This is actually an apache webserver making the connections to directory
> server. What I see through tcpdump and netstat is that apache creates
> an LDAP connection to perform a search, and the connection sits idle for
> hours in established state. The webserver eventually re-uses the random
> port it made the initial request on to talk to a client, so the LDAP
> connection no longer shows up as established on the client side. On the
> server side, however, it still shows the connection as established
> forever. There are many other apache children talking to the same LDAP
> server in parallel, and the number of open filehandles constantly
> increases.
>
> I realize that it is possible that the webserver is not properly tearing
> the connection down or a firewall may be blocking it, but shouldn't the
> server application notice that that connection was idle for more than
> 20min and time it out anyway?
>

You want Apache to keep the connections open. It creates a pool of LDAP
connections to use for all authentication. TCP/IP connections are
expensive so it keeps them open to issue search and bind requests when
doing authentication.

There may be a bug in the pooling code but how many connections are we
talking about?

rob