[ejabberd] ejabberd 1.1.1 LDAP timeout sorrows

Simon Morris simon.morris at cmtww.com
Mon Sep 18 20:01:53 MSD 2006


On Mon, 2006-09-18 at 11:35 +0100, Simon Morris wrote:
> Do we know if the code attempts to keep the TCP connection open
> though?
> 
> 
> Or does the ejabberd open a new TCP session for each authentication
> requires. Just wondering.

I went to lurk in the ejabberd conference room and was told that the TCP
session stays open...

(11:45:45) zenith: sm: it is very unprofitable to do ldap-connection per
request
(11:46:24) zenith: sm: but some kind of ping may help, but dunno how to
implement it right

Thanks for that zenith...

The firewall engineer tells me that the translation table on the PIX has
a timeout of about 1 hour which makes sense. This is about the time it
takes for the auth_ldap module to start to fail.

He cannot increase the timeout as it will affect the memory usage on the
firewall.

Is there a solution? I cannot bring the LDAP server into the DMZ where
the Jabber server sits and I must have LDAP integration.

Thanks

~sm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.jabber.ru/pipermail/ejabberd/attachments/20060918/5bc73abb/attachment.pgp


More information about the ejabberd mailing list