Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

reuse ldap connection #77

Open
wants to merge 2 commits into
base: master
Choose a base branch
from

Conversation

butonic
Copy link

@butonic butonic commented Mar 7, 2023

@rhafer @longsleep this PR will reuse the global ldap connection and use a dedicated connection for user binds when checking passwords. This limits the amount of memory used when checking user passwords and allows all global requests to reuse the connection, saving the argon2 overhead for the global connection which happens when calling ResolveUserByUsername or GetUser.

fixes owncloud/ocis#5765

@butonic butonic force-pushed the reuse-ldap-connection branch from 8f6cf2d to 4ee2b75 Compare April 17, 2023 21:04
@butonic butonic marked this pull request as ready for review April 17, 2023 21:06
@butonic butonic changed the title poc to reuse ldap connection reuse ldap connection Apr 17, 2023
Copy link
Collaborator

@longsleep longsleep left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The LDAP backend is really minimal and I am glad to see some improvements. Added a bunch of comments for discussion.

identifier/backends/ldap/ldap.go Show resolved Hide resolved
identifier/backends/ldap/ldap.go Outdated Show resolved Hide resolved
identifier/backends/ldap/ldap.go Outdated Show resolved Hide resolved
identifier/backends/ldap/ldap.go Show resolved Hide resolved
b.connLock.Lock()
defer b.connLock.Unlock()

if b.conn != nil && !b.conn.IsClosing() {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This does not really know if the connection actually still works and might result in error and thus logon failure when getting used. Does the ldap connection do anything (like in the background) to ensure that does not happen? Normally that would be the job of the pool before giving the connection to the caller.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hm, the connection closes itself only when it cannot read a response. We could port the reconnect wrapper from https://github.com/cs3org/reva/blob/edge/pkg/utils/ldap/reconnect.go

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this needs to be solved before this can be merged. One way or another the connection needs to be "checked" if it is still usable (or some retry logic).

butonic added 2 commits April 18, 2023 12:07
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
@butonic butonic force-pushed the reuse-ldap-connection branch from 4ee2b75 to e9402eb Compare April 18, 2023 10:31
@butonic butonic requested a review from longsleep April 18, 2023 10:42
Copy link
Collaborator

@longsleep longsleep left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Like I commented before, I think there needs to be one way or another to ensure that a reused LDAP connection still is usable to errors just because the connection dropped.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

lico does not reuse ldap connections
3 participants