* This can happen when connection to remote server has been
* lost either due to remote server disconnecting it or due to
* proxy disconnecting it by itself (idle-timeout, conn-ttl).
+ * See comment in ldap_back_conn_prune().
*/
if ( !BER_BVISNULL( &lc->lc_bound_ndn ) && !BER_BVISEMPTY( &lc->lc_bound_ndn ) ) {
Debug( LDAP_DEBUG_ANY,
return -1;
}
+/*
+ * Iterate though connections and close those that are pass the expiry time.
+ * Also calculate the time for next connection to to expire.
+ *
+ * Note:
+ * When the client sends a request after remote connection is pruned, a new
+ * connection is created but bind cannot be replayed even if "rebind-as-user"
+ * was set to "yes". The client credentials are stored in ldapconn_t and lost
+ * when the connection is freed.
+ *
+ * LDAP_DISCONNECT is sent to signal the client that it needs to reconnect to
+ * the proxy and rebind itself (see "Bind is requested with DN but without
+ * credentials" in ldap_back_dobind_int()). Better implementation would not
+ * free ldapconn_t but instead just close the socket. This is not implemented
+ * currently as it is considerable work for what is assumed to be a corner case.
+ */
static void
ldap_back_conn_prune( ldapinfo_t *li )
{
TAvlnode *edge;
int c;
- /*
- * Iterate though connections and close those that are pass the expiry time.
- * Also calculate the time for next connection to to expire.
- */
ldap_pvt_thread_mutex_lock( &li->li_conninfo.lai_mutex );
for ( c = LDAP_BACK_PCONN_FIRST; c < LDAP_BACK_PCONN_LAST; c++ ) {
projects / thirdparty / openldap.git / commitdiff
