Failure to reconnect to ldaps server after idle_timeout
Phil Mayers
p.mayers at imperial.ac.uk
Wed Mar 11 12:40:06 CET 2015
On 10/03/15 21:08, Arran Cudbard-Bell wrote:
>
>> On 10 Mar 2015, at 17:01, Stefan Paetow <Stefan.Paetow at jisc.ac.uk> wrote:
>>
>>> seen this in 3.0.x (before 3.0.7) where the LDAP timers are set too aggressively. don't expire
>>> the connections and have lifetime = 0 - then the sockets are nicely kept open and will be reconnected
>>> if there's a connectivity issue
>>
>> Alan D, Arran, can we document this in the Wiki? I'll happily put a Wiki entry for that together if you're ok with this?
>
> Sure.
>
> Something along the lines of "NSS is garbage, don't use NSS"?
NSS is a generally well-written library, and thought by some to be
superior to OpenSSL. I have mixed feelings - there are some design
decisions I'm not wild on - but I think it's unfair to describe it as
"garbage" ;o)
It's definitely tedious this problem exists - I assume because RedHat
have linked libldap with the NSS/OpenSSL compat shim? - but that's
hardly the fault of NSS.
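To make the workaround quoted above concrete, here is an added illustration (not a snippet from the thread, and not FreeRADIUS's shipped default file) of the `pool { ... }` section of `mods-available/ldap` in 3.0.x. The first block shows the kind of aggressive timers that trigger the failure-to-reconnect symptom this thread is about; the second follows Stefan's advice of not expiring connections. The specific numbers in the "aggressive" block are assumptions chosen for illustration, not values taken from anyone's reported config; the key names (`lifetime`, `idle_timeout`, `uses`, `retry_delay`) are the ones the 3.0 pool section uses.

```conf
# --- Aggressive timers: connections are torn down after a short idle
# --- period or lifetime, so the server must re-open them. On 3.0.x
# --- before 3.0.7 with an NSS-linked libldap this is where the
# --- "failure to reconnect to ldaps server" symptom appears.
# --- (Values below are illustrative, not a recommendation.)
pool {
	start = 5
	min = 4
	max = ${thread[pool].max_servers}
	spare = 3
	uses = 0
	retry_delay = 30
	lifetime = 300        # recycle every 5 minutes (aggressive)
	idle_timeout = 30     # close after 30 s idle (aggressive)
}

# --- Workaround from the thread: do not expire connections.
# --- lifetime = 0 and idle_timeout = 0 mean "never", so the sockets
# --- stay open and are reconnected only if the link actually drops.
pool {
	start = 5
	min = 4
	max = ${thread[pool].max_servers}
	spare = 3
	uses = 0
	retry_delay = 30
	lifetime = 0          # never recycle on age
	idle_timeout = 0      # never close on idleness
}
```

Only one `pool` section belongs in a real module instance; the two are shown side by side for comparison. Note that with `idle_timeout = 0` a firewall or load balancer between FreeRADIUS and the LDAP server that silently drops long-idle TCP sessions can still leave a dead socket behind, so check whether such a device sits in the path before relying on this setting alone.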
More information about the Freeradius-Users
mailing list