LDAP timeouts during failure conditions

Alister Winfield alister at ticklers.org
Thu Jun 23 19:45:19 CEST 2011

If you do a generic connection pool system please allow for a max uses before forcing a reconnection. 

My desire to see this is primarily that after a failure of say an LDAP server it can take some unnecessary work to force a more balanced usage of servers behind load balancers. 

On 23 Jun 2011, at 17:28, Alan DeKok <aland at deployingradius.com> wrote:

> Phil Mayers wrote:
>> So, some discussion on the JANET-ROAMING list leads me to believe that,
>> during an "ldap server down" condition, rlm_ldap will incur
>> "net_timeout" on every (or many) passes through the module.
>  It's better for the module to track when connections are down, and
> return quickly if all are down.
>> I don't really understand the MAX_FAILED_* logic at the start of
>> perform_search, but it seems to conflict with the comments at the top of
>> the file:
>> * If conn->failed_conns > MAX_FAILED_CONNS_START then we don't
>> * try to do anything and we just do conn->failed_conns++ and
>> * return RLM_MODULE_FAIL
>  Yeah...
>> ...perform_search has no such logic; in any event, it seems like it
>> would be better to do an optional time-based per-server "fast fail" so
>> that:
>> redundant {
>>  ldap1
>>  ldap2
>> }
>> ...fails quickly if ldap1 is down.
>  Sure.  That should be easy to do.
>> In some ways it's a shame we can't use a worker thread to manage the
>> LDAP connection(s); that way, the module could be marked "fast fail"
>> unless and until a live connection exists. Is there any scope for that?
>  I'd really like 3.0 to have generic connection pools.  That would
> solve this problem by having common code, instead of stuff in rlm_sql,
> rlm_ldap, etc.
>  Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html

More information about the Freeradius-Devel mailing list