directory-dev mailing list archives

From Emmanuel Lécharny
Subject pwdMinDelay and pwdMaxDelay
Date Fri, 12 Apr 2013 13:57:17 GMT
Hi guys,

I'm playing with the PP options, adding some tests, and I'm facing some
issues with the pwdMinDelay and pwdMaxDelay parameters.

Those two attributes are used to send back a response to a failure after
a delay (basically, if the bind fails, the server waits before sending
the bindResponse).

First of all, I really don't see how such a mechanism can protect the
server, but anyway...

The problem is to handle this delay properly, without consuming a thread
waiting for the delay to expire. The easy solution would be to do a
Thread.sleep(delay) and to send the response when the sleep is done, but
this is an atrocious solution, as it blocks a thread for N seconds.

So the other option is simply to process the BindRequest, trap the
exception, update the entry, and to just do nothing (i.e., we don't send
back any response). That's fine, but at some point, we *have* to send
back the response...

We have two ways to do that:
1) We create a dedicated thread that writes the response in the session
when the delay has expired
2) We check the delay when the server receives the idle event

Atm, the idle event is not sent to the LdapServer, but this is something
we can fix. That would be useful for some other aspects too (like, when
the session times out, we can close it).

I'm not in favor of the first solution, as it sounds more like a hack
than something else.

All in all, it will take some time, and I suspect it's not really a
critical feature.

So, Q: what about deferring the implementation of such a feature?

Emmanuel Lécharny
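
The non-blocking delay discussed in the message, sketched as an added example (not ApacheDS code and not part of the original post): one shared timer thread writes every delayed failure response, so the thread handling the BindRequest returns at once. The class and method names are hypothetical, and the growth rule (start at pwdMinDelay, double per consecutive failure, cap at pwdMaxDelay) is an assumption taken from the LDAP password policy draft, not something stated in the message.

```java
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.ScheduledFuture;
import java.util.concurrent.TimeUnit;

// Added illustration; class and method names are hypothetical, not ApacheDS API.
public class DelayedBindFailure {
    // One daemon timer thread serves every pending response; I/O threads never sleep.
    private final ScheduledExecutorService timer =
        Executors.newSingleThreadScheduledExecutor(r -> {
            Thread t = new Thread(r, "bind-failure-delay");
            t.setDaemon(true);
            return t;
        });

    // Assumed semantics: start at pwdMinDelay, double per consecutive failure,
    // cap at pwdMaxDelay; a pwdMinDelay of 0 disables the delay. An unset or
    // too-small pwdMaxDelay is treated here as "no growth beyond pwdMinDelay".
    static long delaySeconds(long pwdMinDelay, long pwdMaxDelay, int failureCount) {
        if (pwdMinDelay <= 0 || failureCount <= 0) {
            return 0;
        }
        long cap = Math.max(pwdMinDelay, pwdMaxDelay);
        long delay = pwdMinDelay;
        for (int i = 1; i < failureCount && delay < cap; i++) {
            delay *= 2;
        }
        return Math.min(delay, cap);
    }

    // The caller returns immediately; sendResponse runs on the timer thread later.
    // Cancel the returned future if the session closes before the delay expires.
    ScheduledFuture<?> failLater(Runnable sendResponse, long min, long max, int failures) {
        return timer.schedule(sendResponse, delaySeconds(min, max, failures), TimeUnit.SECONDS);
    }

    public static void main(String[] args) throws Exception {
        DelayedBindFailure responder = new DelayedBindFailure();
        long start = System.nanoTime();
        // Constructed sample: pwdMinDelay=1, pwdMaxDelay=8, second consecutive failure.
        ScheduledFuture<?> pending = responder.failLater(
            () -> System.out.println("bindResponse: invalidCredentials"), 1, 8, 2);
        System.out.println("handler returned after "
            + TimeUnit.NANOSECONDS.toMillis(System.nanoTime() - start) + " ms");
        pending.get(); // wait only so the demo prints the response before exiting
        responder.timer.shutdown();
    }
}
```

Each pending response still holds its session and a queue entry for the length of the delay, so a server using this pattern would also want a bound on the number of outstanding delayed responses.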
