CLOSE_WAIT sessions

Michael Ströder michael at stroeder.com
Wed Mar 26 17:02:22 CET 2008


Ron,

Ron Teitelbaum wrote:
> Yes python-ldap.  I'm using a smalltalk -> python-ldap 2.2.1 -> openLDAP
> 2.3-2.3.30 on Ubuntu 7.04 (GNU/Linux 2.6.20-16-generic)

There has been important fixes for Python 2.5 and also ReconnectLDAPObject 
in 2.3.0. So I'd recommend to build python-ldap 2.3.2 (released today).

>>> I'm doing a bind->call->unbind on every
>>> call.
>> Is that really necessary?
> 
> When I started writing this code I assumed that I needed some sort of
> connection pooling.  When bind->call->unbind turned out to be very fast I
> figured the pool was a premature optimization.  Maybe I should have stuck
> with my gut feeling.

A connection pool and making a new connection all the time are very extreme 
variants. I don't know your application's needs though.

>>>  I am also using the ReconnectLdapObject to try to help with "can not
>>> connect" problems,
>> Well, using ReconnectLdapObject and doing bind-search-unbind all the time
>> is
>> somewhat contradictory since ReconnectLdapObject is for keeping long-
>> lasting
>> connections alive. But this should not be the problem.
> 
> That's interesting.  I thought ReconnectLdapObject's primary purpose was to
> help with can-not-connect issues.

Yes, but mainly for long-lasting connections.

>  Very often we get can-not-connect errors.
> Sometimes we get them even when things worked.  We wrote some handlers to
> retry and to ignore errors associated with duplicate processing.  Any idea
> why we would be getting can-not-connect errors?  (we get them sporadically
> with bind, write, search ...) 

You mean ldap.SERVER_DOWN exceptions? Yes, you could ReconnectLdapObject to 
make things a litte easier within your application. If you're solely using 
the synchronous methods you don't have to catch the exceptions yourself. But 
if you experience this to happen very often you should try to solve the 
problem causing this.

>>> The server died the first time we tried to put a significant load on it.
>> What server (vendor and version) is this? Which version of python-ldap and
>> which version OpenLDAP libs are used?
> 
> python-ldap 2.2.1 -> openLDAP 2.3-2.3.30 on Ubuntu 7.04 (GNU/Linux
> 2.6.20-16-generic)
> 
> The older releases above are to stay inline with the Debian release.

I see several problems with Debian packages:

1. Some Debian packages of python-ldap were heavily patched to work with 
ancient OpenLDAP 2.1 libs. I refuse to give support for those. Don't know 
about the particular version you're using though.

2. OpenLDAP debian packages are linked against gnu-tls which causes all 
sorts of problems when LDAP over SSL (LDAPS) or StartTLS ext.op. is used. 
This could lead to ldap.SERVER_DOWN to be raised if anything goes wrong at 
SSL/TLS level

Ciao, Michael.



More information about the python-ldap mailing list