rlm_ldap & TCP KeepAlive

Fred MAISON fred.maison at gmail.com
Fri Apr 30 10:57:31 CEST 2010


Hello,

Some stateful equipment, like firewalls or load balancers, tends to drop
long-idle TCP sessions to protect its session tables.
To keep idle TCP sessions active and avoid this kind of disconnection, I
found it could be useful to be able to configure TCP KeepAlive from the
rlm_ldap config file, exposing the TCP KeepAlive options available in the
OpenLDAP libraries to the rlm_ldap config file:
LDAP_OPT_X_KEEPALIVE_IDLE, LDAP_OPT_X_KEEPALIVE_PROBES,
LDAP_OPT_X_KEEPALIVE_INTERVAL

Unfortunately, since Red Hat released its 5.5, I no longer have access
to the jdennis binary repository, so I am having trouble recompiling 2.1.8 for
CentOS 5.4 on x86_64.
I have tried to recompile freeradius 2.1.8 with this patch from the
fedoraproject cvs sources, but I don't know how to integrate this patch
into the source tree.

Can you help?

Once validated, could this kind of code be integrated in a future
release?

Best regards,
Fred MAISON

hg diff
diff -r 9bc9e5b4d605 rlm_ldap.c
--- a/rlm_ldap.c	Fri Apr 30 10:18:42 2010 +0000
+++ b/rlm_ldap.c	Fri Apr 30 10:32:05 2010 +0000
@@ -173,8 +173,12 @@
 	int		 edir_account_policy_check;
 #endif
 	int		 set_auth_type;
+	int		keepalive_idle;
+	int		keepalive_probes;
+	int		keepalive_interval;
 }  ldap_instance;
 
+
 /* The default setting for TLS Certificate Verification */
 #define TLS_DEFAULT_VERIFY "allow"
 
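Review bot: the three new fields keepalive_idle, keepalive_probes and keepalive_interval in ldap_instance have no comment stating what they mean or in which unit they are expressed. A one-line comment on each would help whoever sets them from the config file: idle time and probe interval in seconds, probes as a count, which is how the corresponding OpenLDAP options are defined. The hunk also adds a stray blank line after `}  ldap_instance;` that should be dropped.
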
@@ -315,6 +319,9 @@
 #endif
 
 	{"set_auth_type", PW_TYPE_BOOLEAN,
offsetof(ldap_instance,set_auth_type), NULL, "yes"},
+	{"keepalive_idle", PW_TYPE_INTEGER,
offsetof(ldap_instance,keepalive_idle), NULL, "60"}
+	{"keepalive_probes", PW_TYPE_INTEGER,
offsetof(ldap_instance,keepalive_probes), NULL, "3"}
+	{"keepalive_interval", PW_TYPE_INTEGER,
offsetof(ldap_instance,keepalive_interval), NULL, "30"}
 	{NULL, -1, 0, NULL, NULL}
 };
 
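Review bot: each of the three added table entries ends in `}` with no trailing comma (`NULL, "60"}`, `NULL, "3"}`, `NULL, "30"}`), so the initializer list will not compile. Add a `,` after each closing brace, as on the set_auth_type entry just above them.
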
@@ -2272,6 +2279,24 @@
 		radlog(L_ERR, "  [%s] Could not set LDAP version to V3: %s",
inst->xlat_name, ldap_err2string(ldap_errno));
 	}
 
+	if (ldap_set_option(ld, LDAP_OPT_X_KEEPALIVE_IDLE,
+			    (void *) &(inst->keepalive_idle)) != LDAP_OPT_SUCCESS) {
+		ldap_get_option(ld, LDAP_OPT_ERROR_NUMBER, &ldap_errno);
+		radlog(L_ERR, "  [%s] Could not set LDAP_OPT_X_KEEPALIVE_IDLE %d: %
s", inst->xlat_name, inst->keepalive_idle, ldap_err2string(ldap_errno));
+	}
+	if (ldap_set_option(ld, LDAP_OPT_X_KEEPALIVE_PROBES,
+			    (void *) &(inst->keepalive_probes)) != LDAP_OPT_SUCCESS) {
+		ldap_get_option(ld, LDAP_OPT_ERROR_NUMBER, &ldap_errno);
+		radlog(L_ERR, "  [%s] Could not set LDAP_OPT_X_KEEPALIVE_PROBES %d: %
s", inst->xlat_name, inst->keepalive_probes,
ldap_err2string(ldap_errno));
+	}
+	if (ldap_set_option(ld, LDAP_OPT_X_KEEPALIVE_INTERVAL,
+			    (void *) &(inst->keepalive_interval)) != LDAP_OPT_SUCCESS) {
+		ldap_get_option(ld, LDAP_OPT_ERROR_NUMBER, &ldap_errno);
+		radlog(L_ERR, "  [%s] Could not set LDAP_OPT_X_KEEPALIVE_INTERVAL %d:
%s", inst->xlat_name, inst->keepalive_interval,
ldap_err2string(ldap_errno));
+	}
+
+
+
 #ifdef HAVE_LDAP_START_TLS
         if (inst->tls_mode) {
 		DEBUG("  [%s] setting TLS mode to %d", inst->xlat_name,
inst->tls_mode);
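
Review bot: the three ldap_set_option() calls reference LDAP_OPT_X_KEEPALIVE_IDLE, LDAP_OPT_X_KEEPALIVE_PROBES and LDAP_OPT_X_KEEPALIVE_INTERVAL with no preprocessor guard, unlike the `#ifdef HAVE_LDAP_START_TLS` block that follows, so the module will fail to build against libldap headers that do not define these options. Wrap the added block in `#ifdef LDAP_OPT_X_KEEPALIVE_IDLE`. The options are also set unconditionally from the configured values, which leaves an administrator no way to keep the system keepalive defaults; consider skipping each call when its value is 0. The three near-identical blocks could share one small helper, and the three blank lines added at the end of the block should be reduced to one.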




