[ejabberd] ejabberd 1.1.1 LDAP timeout sorrows

Evgeniy Khramtsov hev at sbyt.amur.elektra.ru
Tue Sep 19 06:09:00 MSD 2006

Simon Morris wrote:

>The firewall engineer tells me that the translation table on the PIX has
>a timeout of about 1 hour which makes sense. This is about the time it
>takes for the auth_ldap module to start to fail.
>He cannot increase the timeout as it will affect the memory usage on the
>Is there a solution? I cannot bring the LDAP server into the DMZ where
>the Jabber server sits and I must have LDAP integration.
I did some research and found some information about the time of 
keepalive packets.
For linux:
For Windows NT-like:

As you can see, keepalive function is OS dependent and you can configure 
it manually.
Also, I'd like to notice that in Linux and Windows default value is 2 
hours, so I think this
is not a good idea to set this option less the 2 hours on the PIX. 
Please show this links
to you firewall engineer.

Unfortunately, ejabberd doesn't open LDAP connections in keepalive mode.
But you can simple change this though. Apply the patch:
--- ejabberd.orig/src/eldap/eldap.erl   2006-09-15 08:26:53.000000000 +1000
+++ ejabberd/src/eldap/eldap.erl        2006-09-19 12:05:33.000000000 +1000
@@ -808,7 +808,7 @@
 connect_bind(S) ->
     Host = next_host(S#eldap.host, S#eldap.hosts),
-    TcpOpts = [{packet, asn1}, {active, true}, binary],
+    TcpOpts = [{packet, asn1}, {active, true}, {keepalive, true}, binary],
     case gen_tcp:connect(Host, S#eldap.port, TcpOpts) of
        {ok, Socket} ->
            case bind_request(Socket, S) of

And recompile ejabberd.


More information about the ejabberd mailing list