Brian Fender wrote:
This is actually an Apache webserver making the connections to directory server. What I see through tcpdump and netstat is that Apache creates an LDAP connection to perform a search, and the connection sits idle for hours in established state. The webserver eventually re-uses the random port it made the initial request on to talk to a client, so the LDAP connection no longer shows up as established on the client side. On the server side, however, it still shows the connection as established forever. There are many other Apache children talking to the same LDAP server in parallel, and the number of open filehandles constantly increases. I realize that it is possible that the webserver is not properly tearing the connection down or a firewall may be blocking it, but shouldn’t the server application notice that that connection was idle for more than 20min and time it out anyway?
You want Apache to keep the connections open. It creates a pool of LDAP connections to use for all authentication. TCP/IP connections are expensive so it keeps them open to issue search and bind requests when doing authentication.
There may be a bug in the pooling code but how many connections are we talking about?
rob
-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users