Ldapmavis-mt doesn’t try to open new session to ldap server after inactivity #106
Comments
|
Hi Sandy, alas, it will take a while to add resilience to this. Threading complicates things :-/ Cheers, Marc |
|
Hi Sandy, I've added some recovery code in 6edb2e1. Cheers, Marc |
|
Hi Marc, I just tried testing this, unfortunately it now doesn’t try to reach out to LDAPS hosts even on first attempt. I rolled back to previous commit 004679e and LDAPS is working again |
|
Hi Sandy, mea culpa ... looks like I didn't test the latest code correctly (wrong binary). The lastest commit should fix this issue. Thanks, Marc |
|
Hi Marc, Checking latest shows LDAPS is working again, thanks! Still seeing the original behaviour though; if I leave the tacacs server with no client activity until the TCP sessions with LDAPS all timeout (5 mins in my case) and then retry an auth, tacacs server is not trying to reach out to LDAPS Cheers |
|
Hi Sandy, e4f7ff3 removes the shared LDAP connection and uses a dedicated one for each thread, so connection timeouts should no longer cause issues. Cheers, Marc |
|
That’s fixed it! Nice! Thank you Marc |
Hi Marc,
I noticed in testing, it seems that if the TCP session to the LDAPS server times out / closes due to inactivity, then when the next tacacs client comes along, it doesn’t try to create a new session to LDAPS again, resulting in an ERR response back to client. Would it be possible to check if the connection had closed and to try to reopen it if so? Interested in your thoughts on that
Thanks as always! Really a great project!
Sandy
The text was updated successfully, but these errors were encountered: