httpd-dev mailing list archives

From Jess Holle
Subject Re: Puzzling News
Date Wed, 02 Mar 2005 15:23:52 GMT
Graham Leggett wrote:

>Jess Holle said:
>>I've not had a chance to try the LDAP connection timeout patch, but my
>>biggest remaining issue (besides the multiple-LDAP enhancement) is that
>>of firewall treatment.  If there is a firewall between Apache and LDAP
>>(quite common) and if this firewall drops idle connections (also quite
>>common), then it can drop Apache's cached LDAP connections -- and Apache
>>2 (at least without the connection timeout patch) does not handle this
>>well.  If the connection timeout patch suffices, then I could honestly
>>say Apache LDAP is stable and ready for enhancements again.
>I did see bnicholes commit something which addressed a missing cleanup if
>a lookup failed through a bad connection.
>Can you test the latest SVN trunk and see if the problem is still there?
>The LDAP stuff should still "do the right thing" even if LDAP connections
>are timing out and not closed down correctly. The only side effect of not
>having the timeout patch should be connections hanging around (in itself a
>bad thing) - it should never cause the LDAP stuff to give an incorrect
>result, although it might slow it down.
We've not seen incorrect results, but "slow it down" is an 
understatement -- such requests take so long that the user believes the 
server is hung.

This same issue affects mod_jk as well unless one uses the config options 
provided therein to work around it.  [In this case the typical approach 
is to change the server's socket keep alive heartbeat interval to less 
than the firewall timeout and to set a mod_jk option for it to set the 
keep alive option on its sockets.]

Jess Holle
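
The keep-alive workaround described in the bracketed note above, shown at the socket level as an added example (not code from mod_jk, mod_ldap or the original message). It goes one step further than the note by setting the idle time per socket instead of system-wide; the Linux `TCP_KEEPIDLE`, `TCP_KEEPINTVL` and `TCP_KEEPCNT` options are assumed, and the helper names and the 3600-second firewall timeout are made up for illustration.

```c
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: turn on keepalive for fd and send the first probe at
 * half the firewall's idle timeout (seconds), so the firewall keeps seeing
 * traffic on an otherwise idle cached connection.
 * Returns the idle time chosen, or -1 on error or an unusably small timeout. */
int keepalive_below_firewall(int fd, int firewall_idle_secs)
{
    int on = 1;
    int idle = firewall_idle_secs / 2; /* seconds of silence before first probe */
    int intvl = 10;                    /* seconds between unanswered probes */
    int cnt = 3;                       /* unanswered probes before giving up */

    if (idle < 1)
        return -1;
    if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof on) < 0 ||
        setsockopt(fd, IPPROTO_TCP, TCP_KEEPIDLE, &idle, sizeof idle) < 0 ||
        setsockopt(fd, IPPROTO_TCP, TCP_KEEPINTVL, &intvl, sizeof intvl) < 0 ||
        setsockopt(fd, IPPROTO_TCP, TCP_KEEPCNT, &cnt, sizeof cnt) < 0)
        return -1;
    return idle;
}

/* Read back what the kernel holds for fd: the idle time in seconds if
 * keepalive is enabled, 0 if it is disabled, -1 on error. */
int keepalive_idle_in_effect(int fd)
{
    int on = 0, idle = 0;
    socklen_t len = sizeof on;

    if (getsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &on, &len) < 0)
        return -1;
    if (!on)
        return 0;
    len = sizeof idle;
    if (getsockopt(fd, IPPROTO_TCP, TCP_KEEPIDLE, &idle, &len) < 0)
        return -1;
    return idle;
}

int main(void)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0); /* unconnected; options only */
    if (fd < 0)
        return 1;
    printf("before: %d\n", keepalive_idle_in_effect(fd));
    printf("chosen: %d\n", keepalive_below_firewall(fd, 3600)); /* constructed timeout */
    printf("after:  %d\n", keepalive_idle_in_effect(fd));
    return close(fd);
}
```

With these values a connection whose peer has silently disappeared is reported dead after the idle time plus three unanswered probes, instead of stalling a later request on a dead socket.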
