On 10/03/15 21:08, Arran Cudbard-Bell wrote:
On 10 Mar 2015, at 17:01, Stefan Paetow <Stefan.Paetow@jisc.ac.uk> wrote:
seen this in 3.0.x (before 3.0.7) where the LDAP timers are set to aggressively. don't expire the connections and have lifetime = 0 - then the sockets are nicely kept open and will be reconnected if theres connectivity issue
Alan D, Arran, can we document this in the Wiki? I'll happily put a Wiki entry for that together if you're ok with this?
Sure.
Something along the lines of "NSS is garbage, don't use NSS"?
NSS is a generally well-written library, and thought by some to be superior to OpenSSL. I have mixed feelings - there are some design decisions I'm not wild on - but I think it's unfair to describe it as "garbage" ;o) It's definitely tedious this problem exists - I assume because RedHat have linked libldap with the NSS/OpenSSL compat shim? - but that's hardly the fault of NSS.