Note that a firewall silently dropping packets is a mis-configuration.

author Stefan Fritsch <sf@apache.org>

Sun, 24 Jan 2010 17:27:41 +0000 (17:27 +0000)

committer Stefan Fritsch <sf@apache.org>

Sun, 24 Jan 2010 17:27:41 +0000 (17:27 +0000)
author Stefan Fritsch <sf@apache.org>
Sun, 24 Jan 2010 17:27:41 +0000 (17:27 +0000)
committer Stefan Fritsch <sf@apache.org>
Sun, 24 Jan 2010 17:27:41 +0000 (17:27 +0000)
diff --git a/docs/manual/mod/mod_ldap.xml b/docs/manual/mod/mod_ldap.xml

index 177dab95cb0d8ac07b39dc9ce3b2eb9055b5a986..2b12936455904f4ca6feccadbea12812d657ebf8 100644 (file)
--- a/docs/manual/mod/mod_ldap.xml
+++ b/docs/manual/mod/mod_ldap.xml
@@ -663,7 +663,9 @@ connection client certificates.</description>
      the LDAP_OPT_TIMEOUT option in the underlying LDAP client library, when available.</p>
  
      <p> If the timeout expires, httpd will retry in case an existing connection has
-    been silently dropped by a firewall.</p>
+    been silently dropped by a firewall. However, performance will be much better if
+    the firewall is configured to send TCP RST packets instead of silently dropping
+    packets.</p>
  
      <note>
      <p>Timeouts for ldap compare operations requires an SDK with LDAP_OPT_TIMEOUT, such as OpenLDAP &gt;= 2.4.4.</p>
author	Stefan Fritsch <sf@apache.org>
	Sun, 24 Jan 2010 17:27:41 +0000 (17:27 +0000)
committer	Stefan Fritsch <sf@apache.org>
	Sun, 24 Jan 2010 17:27:41 +0000 (17:27 +0000)