#48998 long-lived unix socket
Closed: wontfix 4 years ago by spichugi. Opened 8 years ago by npmccallum.

In FreeIPA we have the following architecture:

Kerberos (UDP) > KDC > RADIUS (UNIX/stream) > ipa-otpd > LDAP (UNIX/stream) > dirsrv

The middle socket (RADIUS) is long-lived (no idle timeout). This allows us to reuse the connection for multiple UDP packets, increasing speed.

The last socket is also long-lived for the same reason. However, dirsrv routinely shuts down this socket after hitting the nsslapd-idletimeout. It would be nice to avoid this.

This socket is used for proxying authentications to an LDAP bind. Thus, although the process is able to autobind, it doesn't.

It would be very nice to find a way to exempt this socket from nsslapd-idletimeout.
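
The idle-timeout behaviour described in this report, as an added example that is not part of the ticket and is not FreeIPA or 389-ds code: a toy UNIX stream server drops any connection idle longer than `IDLE_TIMEOUT` (a constructed stand-in for nsslapd-idletimeout), and a hypothetical `PersistentClient` only learns of the close on its next request, then reconnects once. All names, the echo protocol and the socket path are assumptions.

```python
import contextlib, os, socket, tempfile, threading, time

IDLE_TIMEOUT = 0.3  # seconds; constructed stand-in for nsslapd-idletimeout

def handle(conn):
    conn.settimeout(IDLE_TIMEOUT)  # recv() raises once the peer has been idle this long
    with conn, contextlib.suppress(OSError):  # timeout or reset: close the connection
        while (data := conn.recv(4096)):
            conn.sendall(data)  # echo stands in for the real reply

def serve(path, ready):
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    srv.listen()
    ready.set()
    while True:
        conn, _ = srv.accept()
        threading.Thread(target=handle, args=(conn,), daemon=True).start()

class PersistentClient:
    """Keeps one stream socket open and reopens it if the server closed it."""
    def __init__(self, path):
        self.path, self.sock, self.reconnects = path, None, 0

    def request(self, payload):
        for _ in range(2):  # one retry; only safe for requests that can be resent
            try:
                if self.sock is None:
                    self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
                    self.sock.connect(self.path)
                self.sock.sendall(payload)
                if (reply := self.sock.recv(4096)):
                    return reply
            except OSError:  # EPIPE/ECONNRESET: the peer already closed the socket
                pass
            self.sock.close()  # empty read or error: the connection is gone
            self.sock, self.reconnects = None, self.reconnects + 1
        raise ConnectionError("server closed the connection twice")

def demo():
    path = os.path.join(tempfile.mkdtemp(), "ldapi.sock")  # constructed path
    ready = threading.Event()
    threading.Thread(target=serve, args=(path, ready), daemon=True).start()
    ready.wait()
    client = PersistentClient(path)
    first = client.request(b"bind-1")
    time.sleep(IDLE_TIMEOUT * 3)  # stay idle past the server's limit
    return first, client.request(b"bind-2"), client.reconnects

if __name__ == "__main__":
    print(demo())
```

The second request pays for a failed send plus a fresh connect, which is the per-request cost a long-lived socket is meant to avoid.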


Metadata Update from @npmccallum:
- Issue set to the milestone: 1.3.6.0

7 years ago

Can you just use a nsIdleTimeout on the service account with a limit of -1? That should exempt it from c_idletimeout.

Metadata Update from @firstyear:
- Custom field reviewstatus adjusted to new
- Issue close_status updated to: None

7 years ago

Metadata Update from @firstyear:
- Issue assigned to firstyear

7 years ago

@npmccallum See my previous comment please, I think you can do this with nsIdleTimeout on the service account you bind as.

Metadata Update from @firstyear:
- Custom field reviewstatus reset (from new)

7 years ago

No, because the socket is used for binding.

Metadata Update from @firstyear:
- Issue set to the milestone: 1.4 backlog (was: 1.3.6.0)

7 years ago

389-ds-base is moving from Pagure to GitHub. This means that new issues and pull requests
will be accepted only in 389-ds-base's GitHub repository.

This issue has been cloned to GitHub and is available here:
- https://github.com/389ds/389-ds-base/issues/2057

If you want to receive further updates on the issue, please navigate to the GitHub issue
and click on the subscribe button.

Thank you for understanding. We apologize for any inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix
- Issue status updated to: Closed (was: Open)

4 years ago
