LDAP module locks
Alan DeKok
aland at ox.org
Thu Feb 9 17:56:14 CET 2006
Peter Manckok <peter_manckok at yahoo.es> wrote:
> Why don´t you use the pthread_mutex_lock function
> instead in order to wait until the connection is
> unlocked?
Because the LDAP server may be blocked. So waiting for the lock
means waiting for 20-30 seconds, which is unacceptabled.
The current implementation allows the server to fail over to a
second LDAP database if all of the connections to the first one are
used.
Also, the configurationj limits the number of connections to the
LDAP server, to avoid overloading it with RADIUS requests. Once the
number of connections are limited, you *have* to fail when all are in
use.
This makes the server more robust, because it gracefully handles
failures, rather than stopping dead.
Alan DeKok.
More information about the Freeradius-Users
mailing list