LDAP Connection Maintenance


There are a few common ways in which an LDAP connection can be lost.

Loss of LDAP Directory System Agent

Loss of an LDAP server, whether to failure or to routine maintenance, can usually be overcome by using a connection pool.

Normally the connection pool maintains several LDAP connections and verifies that they remain valid.

TCP Disconnects

In load-balanced LDAP environments we have often seen incidents where the load balancer severs TCP sessions that have carried no traffic within a defined period. Because the load balancer is a "man-in-the-middle" TCP entity, it may simply close the TCP session without a proper disconnect being signalled to either endpoint.

The LDAP server will eventually time out these TCP sessions. However, there may be thousands of such sessions in an active LDAP environment.

The application needs to manage these TCP sessions and ensure that they are "alive", because it may not have been "properly" informed that the load balancer has severed the TCP connection.

Mitigating Severed TCP Sessions

Using an LDAP pool will often minimize severed TCP sessions, because the pool monitors its connections and sends a type of "keep-alive" packet to the LDAP servers.

Setting the load balancer timeout to a value higher than the LDAP pool's keep-alive interval causes the pool to re-establish the LDAP connection before the load balancer times the connection out.

It is always best if the application can be programmed to verify the TCP session before sending a new LDAP request. Some LDAP APIs provide an isConnected() method to check whether the LDAP session is still alive.
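The following is an added illustration, not code from the original page or from any LDAP library: a minimal pool that enforces a keep-alive interval shorter than the load balancer's idle timeout and probes any session that has been idle longer than that interval before handing it out, replacing it if the probe fails. The probe callable, the FakeSession stand-in and the timeout values are assumptions chosen for the example; in real code the probe would be the API's isConnected() or a cheap RootDSE read.

```python
import time
from typing import Callable, List

class PooledConnection:
    """One LDAP session (ldap3, UnboundID, ...) plus when the pool last used it."""
    def __init__(self, conn, last_used): self.conn, self.last_used = conn, last_used

class LdapPool:
    """Re-validates sessions that a load balancer may have silently severed.
    A session idle longer than keepalive_after is probed (RootDSE read, isConnected(), ...)
    before it is handed out and discarded if the probe fails, so keepalive_after
    must be shorter than the balancer's idle timeout."""
    def __init__(self, connect: Callable[[], object], probe: Callable[[object], bool],
                 keepalive_after: float, lb_idle_timeout: float,
                 clock: Callable[[], float] = time.monotonic):
        if keepalive_after >= lb_idle_timeout:
            raise ValueError("keep-alive interval must be shorter than the LB idle timeout")
        self._connect, self._probe, self._clock = connect, probe, clock
        self._keepalive_after = keepalive_after
        self._idle: List[PooledConnection] = []
        self.reconnects = 0   # severed sessions detected and replaced

    def acquire(self) -> PooledConnection:
        while self._idle:
            pc = self._idle.pop()
            if self._clock() - pc.last_used < self._keepalive_after or self._probe(pc.conn):
                return pc
            self.reconnects += 1   # dead session: drop it rather than send a request into it
        return PooledConnection(self._connect(), self._clock())

    def release(self, pc: PooledConnection) -> None:
        pc.last_used = self._clock()
        self._idle.append(pc)

class FakeSession:
    """Constructed stand-in for a real LDAP session so the example runs offline."""
    def __init__(self): self.alive = True

def demo() -> dict:
    """Walk one session through reuse, a silent load-balancer kill, and replacement."""
    now, sessions = [0.0], []
    def connect():
        sessions.append(FakeSession()); return sessions[-1]
    pool = LdapPool(connect, probe=lambda s: s.alive,
                    keepalive_after=60, lb_idle_timeout=300, clock=lambda: now[0])
    pc = pool.acquire(); pool.release(pc)
    now[0] += 30; pc2 = pool.acquire(); pool.release(pc2)   # idle 30 s < 60 s: reused unprobed
    now[0] += 400; sessions[0].alive = False                 # idle past LB timeout: severed
    pc3 = pool.acquire()                                     # probe fails: fresh session instead
    return {"reused": pc2 is pc, "replaced": pc3.conn is not pc.conn,
            "reconnects": pool.reconnects, "sessions": len(sessions)}
```

A production pool would additionally run the probe on a timer so that idle sessions generate traffic before the balancer's timeout, rather than only checking at acquire time.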

More Information

There might be more information for this subject on one of the following: