reuse ldap connection #77
8f6cf2d to 4ee2b75
The LDAP backend is really minimal and I am glad to see some improvements. Added a bunch of comments for discussion.
b.connLock.Lock() | ||
defer b.connLock.Unlock() | ||
|
||
if b.conn != nil && !b.conn.IsClosing() { |
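Review bot: the reuse condition on the last line, `b.conn != nil && !b.conn.IsClosing()`, only tells the caller that the connection has not been marked as closing; it does not show that the server is still reachable, so a connection that dropped while idle is handed out and the first request on it fails. Consider retrying the request once on a fresh connection when it fails on a reused one, or probing the connection before returning it. Because `defer b.connLock.Unlock()` holds the lock until the function returns, any dial performed further down in this function would run under the lock; a short comment stating that this is intended would help.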
This does not really know if the connection actually still works and might result in error and thus logon failure when getting used. Does the ldap connection do anything (like in the background) to ensure that does not happen? Normally that would be the job of the pool before giving the connection to the caller.
Hm, the connection closes itself only when it cannot read a response. We could port the reconnect wrapper from https://github.com/cs3org/reva/blob/edge/pkg/utils/ldap/reconnect.go
I think this needs to be solved before this can be merged. One way or another the connection needs to be "checked" if it is still usable (or some retry logic).
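The failure mode discussed in this thread, and the retry option raised for it, as an added example (not code from this PR or from reva). The names fakeConn, backend, getConn and search are hypothetical, and the connection is a constructed stand-in so the block runs without a directory server.

```go
package main

import (
	"errors"
	"sync"
)

// fakeConn (constructed): dropped by the peer; IsClosing is false until a request fails.
type fakeConn struct{ dropped, closing bool }

func (c *fakeConn) IsClosing() bool { return c.closing }
func (c *fakeConn) Search(filter string) (string, error) {
	if c.dropped {
		c.closing = true // the failed read marks the connection as closing
		return "", errors.New("connection reset by peer")
	}
	return "entry:" + filter, nil
}

type backend struct {
	mu    sync.Mutex
	conn  *fakeConn
	dials int
}

// getConn applies the reviewed check and replaces the connection when it fails.
func (b *backend) getConn() *fakeConn {
	b.mu.Lock()
	defer b.mu.Unlock()
	if b.conn != nil && !b.conn.IsClosing() {
		return b.conn
	}
	b.conn, b.dials = &fakeConn{}, b.dials+1 // stands in for dial + bind, which can fail
	return b.conn
}

// search retries once on a fresh connection when the reused one was dead.
func (b *backend) search(filter string) (string, error) {
	c := b.getConn()
	res, err := c.Search(filter)
	if err != nil && c.IsClosing() {
		res, err = b.getConn().Search(filter)
	}
	return res, err
}

func main() {
	b := &backend{conn: &fakeConn{dropped: true}}
	res, err := b.search("uid=alice")
	println(res, err == nil, b.dials)
}
```

A retry of this kind is only appropriate for idempotent requests such as searches.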
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
4ee2b75 to e9402eb
Like I commented before, I think there needs to be one way or another to ensure that a reused LDAP connection still is usable, to avoid errors just because the connection dropped.
@rhafer @longsleep this PR will reuse the global ldap connection and use a dedicated connection for user binds when checking passwords. This limits the amount of memory used when checking user passwords and allows all global requests to reuse the connection, saving the argon2 overhead for the global connection which happens when calling ResolveUserByUsername or GetUser.

fixes owncloud/ocis#5765