]> git.sur5r.net Git - openldap/commitdiff
projects / openldap / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a4f8004)
implement (per-target) per-conn proxy-side idle-timeout (ITS#4115); revitalize (per...
authorPierangelo Masarati <ando@openldap.org>
Wed, 7 Dec 2005 17:35:02 +0000 (17:35 +0000)
committerPierangelo Masarati <ando@openldap.org>
Wed, 7 Dec 2005 17:35:02 +0000 (17:35 +0000)
servers/slapd/back-ldap/back-ldap.h patch | blob | history
servers/slapd/back-ldap/bind.c patch | blob | history
servers/slapd/back-ldap/config.c patch | blob | history
servers/slapd/back-meta/back-meta.h patch | blob | history
servers/slapd/back-meta/bind.c patch | blob | history
servers/slapd/back-meta/config.c patch | blob | history
servers/slapd/back-meta/conn.c patch | blob | history

diff --git a/servers/slapd/back-ldap/back-ldap.h b/servers/slapd/back-ldap/back-ldap.h
index 8ec1a372bc16a9e7e4e5065c4ca4819e57253a2c..33e90f141c795f6f360eae16686a05a08d08e724 100644 (file)
--- a/servers/slapd/back-ldap/back-ldap.h
+++ b/servers/slapd/back-ldap/back-ldap.h
@@ -79,6 +79,7 @@ typedef struct ldapconn_t {
 
        unsigned                lc_refcnt;
        unsigned                lc_flags;
+       time_t                  lc_time;
 } ldapconn_t;
 
 /*
@@ -183,6 +184,8 @@ typedef struct ldapinfo_t {
 
        ldap_avl_info_t li_conninfo;
 
+       time_t          li_network_timeout;
+       time_t          li_idle_timeout;
        time_t          li_timeout[ LDAP_BACK_OP_LAST ];
 } ldapinfo_t;
 
diff --git a/servers/slapd/back-ldap/bind.c b/servers/slapd/back-ldap/bind.c
index 2000f829eaaf979cc28d98ced0345388d15ca90d..c67eb606401562f0bcb27128cf739781343f8821 100644 (file)
--- a/servers/slapd/back-ldap/bind.c
+++ b/servers/slapd/back-ldap/bind.c
@@ -581,9 +581,22 @@ ldap_back_getconn( Operation *op, SlapReply *rs, ldap_back_send_t sendok )
                }
 
        } else {
-               Debug( LDAP_DEBUG_TRACE,
-                       "=>ldap_back_getconn: conn %p fetched (refcnt=%u)\n",
-                       (void *)lc, refcnt, 0 );
+               if ( li->li_idle_timeout != 0 && op->o_time > lc->lc_time + li->li_idle_timeout ) {
+                       /* in case of failure, it frees/taints lc and sets it to NULL */
+                       if ( ldap_back_retry( &lc, op, rs, sendok ) ) {
+                               lc = NULL;
+                       }
+               }
+
+               if ( lc ) {
+                       Debug( LDAP_DEBUG_TRACE,
+                               "=>ldap_back_getconn: conn %p fetched (refcnt=%u)\n",
+                               (void *)lc, refcnt, 0 );
+               }
+       }
+
+       if ( li->li_idle_timeout && lc ) {
+               lc->lc_time = op->o_time;
        }
 
 done:;
@@ -925,6 +938,9 @@ ldap_back_retry( ldapconn_t **lcp, Operation *op, SlapReply *rs, ldap_back_send_
        int             rc = 0;
        ldapinfo_t      *li = (ldapinfo_t *)op->o_bd->be_private;
 
+       assert( lcp != NULL );
+       assert( *lcp != NULL );
+
        ldap_pvt_thread_mutex_lock( &li->li_conninfo.lai_mutex );
 
        if ( (*lcp)->lc_refcnt == 1 ) {
@@ -940,7 +956,11 @@ ldap_back_retry( ldapconn_t **lcp, Operation *op, SlapReply *rs, ldap_back_send_
 
                /* lc here must be the regular lc, reset and ready for init */
                rc = ldap_back_prepare_conn( lcp, op, rs, sendok );
-               if ( rc == LDAP_SUCCESS ) {
+               if ( rc != LDAP_SUCCESS ) {
+                       rc = 0;
+                       *lcp = NULL;
+
+               } else {
                        rc = ldap_back_dobind_int( *lcp, op, rs, sendok, 0, 0 );
                        if ( rc == 0 ) {
                                *lcp = NULL;
diff --git a/servers/slapd/back-ldap/config.c b/servers/slapd/back-ldap/config.c
index f1c76916cd48fe26a09fcbeae8fe7dada1e81fd1..07221bdfbd85c1c2230fe11d866ece1cd7bc9a69 100644 (file)
--- a/servers/slapd/back-ldap/config.c
+++ b/servers/slapd/back-ldap/config.c
@@ -60,6 +60,7 @@ enum {
        LDAP_BACK_CFG_T_F,
        LDAP_BACK_CFG_WHOAMI,
        LDAP_BACK_CFG_TIMEOUT,
+       LDAP_BACK_CFG_IDLE_TIMEOUT,
        LDAP_BACK_CFG_REWRITE,
 
        LDAP_BACK_CFG_LAST
@@ -214,6 +215,14 @@ static ConfigTable ldapcfg[] = {
                        "SYNTAX OMsDirectoryString "
                        "SINGLE-VALUE )",
                NULL, NULL },
+       { "idle-timeout", "timeout", 2, 0, 0,
+               ARG_MAGIC|LDAP_BACK_CFG_IDLE_TIMEOUT,
+               ldap_back_cf_gen, "( OLcfgDbAt:3.15 "
+                       "NAME 'olcDbIdleTimeout' "
+                       "DESC 'connection idle timeout' "
+                       "SYNTAX OMsDirectoryString "
+                       "SINGLE-VALUE )",
+               NULL, NULL },
        { "suffixmassage", "[virtual]> <real", 2, 3, 0,
                ARG_STRING|ARG_MAGIC|LDAP_BACK_CFG_REWRITE,
                ldap_back_cf_gen, NULL, NULL, NULL },
@@ -247,6 +256,7 @@ static ConfigOCs ldapocs[] = {
                        "$ olcDbTFSupport "
                        "$ olcDbProxyWhoAmI "
                        "$ olcDbTimeout "
+                       "$ olcDbIdleTimeout "
                ") )",
                        Cft_Database, ldapcfg},
        { NULL, 0, NULL }
@@ -310,14 +320,8 @@ ldap_back_cf_gen( ConfigArgs *c )
 
                case LDAP_BACK_CFG_TLS:
                        enum_to_verb( tls_mode, ( li->li_flags & LDAP_BACK_F_TLS_MASK ), &bv );
-                       if ( BER_BVISNULL( &bv ) ) {
-                               /* there's something wrong... */
-                               assert( 0 );
-                               rc = 1;
-
-                       } else {
-                               value_add_one( &c->rvalue_vals, &bv );
-                       }
+                       assert( !BER_BVISNULL( &bv ) );
+                       value_add_one( &c->rvalue_vals, &bv );
                        break;
 
                case LDAP_BACK_CFG_ACL_AUTHCDN:
@@ -330,6 +334,10 @@ ldap_back_cf_gen( ConfigArgs *c )
                case LDAP_BACK_CFG_ACL_BIND: {
                        int     i;
 
+                       if ( li->li_acl_authmethod == LDAP_AUTH_NONE ) {
+                               return 1;
+                       }
+
                        bindconf_unparse( &li->li_acl, &bv );
 
                        for ( i = 0; isspace( bv.bv_val[ i ] ); i++ )
@@ -373,6 +381,10 @@ ldap_back_cf_gen( ConfigArgs *c )
                        struct berval   bc = BER_BVNULL;
                        char            *ptr;
 
+                       if ( li->li_idassert_authmethod == LDAP_AUTH_NONE ) {
+                               return 1;
+                       }
+
                        if ( li->li_idassert_authmethod != LDAP_AUTH_NONE ) {
                                ber_len_t       len;
 
@@ -506,22 +518,46 @@ ldap_back_cf_gen( ConfigArgs *c )
                case LDAP_BACK_CFG_TIMEOUT:
                        BER_BVZERO( &bv );
 
+                       for ( i = 0; i < LDAP_BACK_OP_LAST; i++ ) {
+                               if ( li->li_timeout[ i ] != 0 ) {
+                                       break;
+                               }
+                       }
+
+                       if ( i == LDAP_BACK_OP_LAST ) {
+                               return 1;
+                       }
+
                        slap_cf_aux_table_unparse( li->li_timeout, &bv, timeout_table );
 
-                       if ( !BER_BVISNULL( &bv ) ) {   
-                               for ( i = 0; isspace( bv.bv_val[ i ] ); i++ )
-                                       /* count spaces */ ;
+                       if ( BER_BVISNULL( &bv ) ) {
+                               return 1;
+                       }
 
-                               if ( i ) {
-                                       bv.bv_len -= i;
-                                       AC_MEMCPY( bv.bv_val, &bv.bv_val[ i ],
-                                               bv.bv_len + 1 );
-                               }
+                       for ( i = 0; isspace( bv.bv_val[ i ] ); i++ )
+                               /* count spaces */ ;
 
-                               ber_bvarray_add( &c->rvalue_vals, &bv );
+                       if ( i ) {
+                               bv.bv_len -= i;
+                               AC_MEMCPY( bv.bv_val, &bv.bv_val[ i ],
+                                       bv.bv_len + 1 );
                        }
+
+                       ber_bvarray_add( &c->rvalue_vals, &bv );
                        break;
 
+               case LDAP_BACK_CFG_IDLE_TIMEOUT: {
+                       char    buf[ SLAP_TEXT_BUFLEN ];
+
+                       if ( li->li_idle_timeout == 0 ) {
+                               return 1;
+                       }
+
+                       lutil_unparse_time( buf, sizeof( buf ), li->li_idle_timeout );
+                       ber_str2bv( buf, 0, 0, &bv );
+                       value_add_one( &c->rvalue_vals, &bv );
+                       } break;
+
                default:
                        /* FIXME: we need to handle all... */
                        assert( 0 );
@@ -599,6 +635,10 @@ ldap_back_cf_gen( ConfigArgs *c )
                        }
                        break;
 
+               case LDAP_BACK_CFG_IDLE_TIMEOUT:
+                       li->li_idle_timeout = 0;
+                       break;
+
                default:
                        /* FIXME: we need to handle all... */
                        assert( 0 );
@@ -614,14 +654,6 @@ ldap_back_cf_gen( ConfigArgs *c )
                char            **urllist = NULL;
                int             urlrc = LDAP_URL_SUCCESS, i;
 
-               if ( c->argc != 2 ) {
-                       fprintf( stderr, "%s: line %d: "
-                                       "missing uri "
-                                       "in \"uri <uri>\" line\n",
-                                       c->fname, c->lineno );
-                       return 1;
-               }
-
                if ( li->li_uri != NULL ) {
                        ch_free( li->li_uri );
                        li->li_uri = NULL;
@@ -671,10 +703,11 @@ ldap_back_cf_gen( ConfigArgs *c )
                                why = "unknown reason";
                                break;
                        }
-                       fprintf( stderr, "%s: line %d: "
+                       snprintf( c->msg, sizeof( c->msg),
                                        "unable to parse uri \"%s\" "
-                                       "in \"uri <uri>\" line: %s\n",
-                                       c->fname, c->lineno, c->value_string, why );
+                                       "in \"uri <uri>\" line: %s",
+                                       c->value_string, why );
+                       Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
                        urlrc = 1;
                        goto done_url;
                }
@@ -690,12 +723,13 @@ ldap_back_cf_gen( ConfigArgs *c )
                                        || tmpludp->lud_filter != NULL
                                        || tmpludp->lud_exts != NULL )
                        {
-                               fprintf( stderr, "%s: line %d: "
+                               snprintf( c->msg, sizeof( c->msg ),
                                                "warning, only protocol, "
                                                "host and port allowed "
                                                "in \"uri <uri>\" statement "
-                                               "for uri #%d of \"%s\"\n",
-                                               c->fname, c->lineno, i, c->value_string );
+                                               "for uri #%d of \"%s\"",
+                                               i, c->value_string );
+                               Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
                        }
                }
 
@@ -724,11 +758,12 @@ ldap_back_cf_gen( ConfigArgs *c )
                        urllist[ i ]  = ldap_url_desc2str( &tmplud );
 
                        if ( urllist[ i ] == NULL ) {
-                               fprintf( stderr, "%s: line %d: "
+                               snprintf( c->msg, sizeof( c->msg),
                                        "unable to rebuild uri "
                                        "in \"uri <uri>\" statement "
-                                       "for \"%s\"\n",
-                                       c->fname, c->lineno, c->argv[ 1 ] );
+                                       "for \"%s\"",
+                                       c->argv[ 1 ] );
+                               Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
                                urlrc = 1;
                                goto done_url;
                        }
@@ -777,10 +812,11 @@ done_url:;
                        break;
 
                default:
-                       fprintf( stderr, "%s: line %d: "
+                       snprintf( c->msg, sizeof( c->msg),
                                "\"acl-authcDN <DN>\" incompatible "
-                               "with auth method %d.",
-                               c->fname, c->lineno, li->li_acl_authmethod );
+                               "with auth method %d",
+                               li->li_acl_authmethod );
+                       Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
                        return 1;
                }
                if ( !BER_BVISNULL( &li->li_acl_authcDN ) ) {
@@ -802,10 +838,11 @@ done_url:;
                        break;
 
                default:
-                       fprintf( stderr, "%s: line %d: "
+                       snprintf( c->msg, sizeof( c->msg ),
                                "\"acl-passwd <cred>\" incompatible "
-                               "with auth method %d.",
-                               c->fname, c->lineno, li->li_acl_authmethod );
+                               "with auth method %d",
+                               li->li_acl_authmethod );
+                       Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
                        return 1;
                }
                if ( !BER_BVISNULL( &li->li_acl_passwd ) ) {
@@ -897,10 +934,11 @@ done_url:;
                        break;
 
                default:
-                       fprintf( stderr, "%s: line %d: "
+                       snprintf( c->msg, sizeof( c->msg ),
                                "\"idassert-authcDN <DN>\" incompatible "
-                               "with auth method %d.",
-                               c->fname, c->lineno, li->li_idassert_authmethod );
+                               "with auth method %d",
+                               li->li_idassert_authmethod );
+                       Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
                        return 1;
                }
                if ( !BER_BVISNULL( &li->li_idassert_authcDN ) ) {
@@ -922,10 +960,11 @@ done_url:;
                        break;
 
                default:
-                       fprintf( stderr, "%s: line %d: "
+                       snprintf( c->msg, sizeof( c->msg ),
                                "\"idassert-passwd <cred>\" incompatible "
-                               "with auth method %d.",
-                               c->fname, c->lineno, li->li_idassert_authmethod );
+                               "with auth method %d",
+                               li->li_idassert_authmethod );
+                       Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
                        return 1;
                }
                if ( !BER_BVISNULL( &li->li_idassert_passwd ) ) {
@@ -943,10 +982,10 @@ done_url:;
                ber_str2bv( c->argv[ 1 ], 0, 0, &in );
                rc = authzNormalize( 0, NULL, NULL, &in, &bv, NULL );
                if ( rc != LDAP_SUCCESS ) {
-                       fprintf( stderr, "%s: %d: "
+                       snprintf( c->msg, sizeof( c->msg ),
                                "\"idassert-authzFrom <authz>\": "
-                               "invalid syntax.\n",
-                               c->fname, c->lineno );
+                               "invalid syntax" );
+                       Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
                        return 1;
                }
 #else /* !SLAP_AUTHZ_SYNTAX */
@@ -957,10 +996,10 @@ done_url:;
 
        case LDAP_BACK_CFG_IDASSERT_METHOD:
                /* no longer supported */
-               fprintf( stderr, "%s: %d: "
+               snprintf( c->msg, sizeof( c->msg ),
                        "\"idassert-method <args>\": "
-                       "no longer supported; use \"idassert-bind\".\n",
-                       c->fname, c->lineno );
+                       "no longer supported; use \"idassert-bind\"" );
+               Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
                return 1;
 
        case LDAP_BACK_CFG_IDASSERT_BIND:
@@ -971,10 +1010,11 @@ done_url:;
 
                                j = verb_to_mask( argvi, idassert_mode );
                                if ( BER_BVISNULL( &idassert_mode[ j ].word ) ) {
-                                       fprintf( stderr, "%s: %d: "
+                                       snprintf( c->msg, sizeof( c->msg ),
                                                "\"idassert-bind <args>\": "
-                                               "unknown mode \"%s\".\n",
-                                               c->fname, c->lineno, argvi );
+                                               "unknown mode \"%s\"",
+                                               argvi );
+                                       Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
                                        return 1;
                                }
 
@@ -985,11 +1025,11 @@ done_url:;
 
                                if ( strcasecmp( argvi, "native" ) == 0 ) {
                                        if ( li->li_idassert_authmethod != LDAP_AUTH_SASL ) {
-                                               fprintf( stderr, "%s: %d: "
+                                               snprintf( c->msg, sizeof( c->msg ),
                                                        "\"idassert-bind <args>\": "
                                                        "authz=\"native\" incompatible "
-                                                       "with auth method.\n",
-                                                       c->fname, c->lineno );
+                                                       "with auth method" );
+                                               Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
                                                return 1;
                                        }
                                        li->li_idassert_flags |= LDAP_BACK_AUTH_NATIVE_AUTHZ;
@@ -998,10 +1038,11 @@ done_url:;
                                        li->li_idassert_flags &= ~LDAP_BACK_AUTH_NATIVE_AUTHZ;
 
                                } else {
-                                       fprintf( stderr, "%s: %d: "
+                                       snprintf( c->msg, sizeof( c->msg ),
                                                "\"idassert-bind <args>\": "
-                                               "unknown authz \"%s\".\n",
-                                               c->fname, c->lineno, argvi );
+                                               "unknown authz \"%s\"",
+                                               argvi );
+                                       Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
                                        return 1;
                                }
 
@@ -1011,10 +1052,11 @@ done_url:;
                                int     j;
 
                                if ( flags == NULL ) {
-                                       fprintf( stderr, "%s: %d: "
+                                       snprintf( c->msg, sizeof( c->msg ),
                                                "\"idassert-bind <args>\": "
-                                               "unable to parse flags \"%s\".\n",
-                                               c->fname, c->lineno, argvi );
+                                               "unable to parse flags \"%s\"",
+                                               argvi );
+                                       Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
                                        return 1;
                                }
 
@@ -1029,10 +1071,11 @@ done_url:;
                                                li->li_idassert_flags &= ( ~LDAP_BACK_AUTH_PRESCRIPTIVE );
 
                                        } else {
-                                               fprintf( stderr, "%s: %d: "
+                                               snprintf( c->msg, sizeof( c->msg ),
                                                        "\"idassert-bind <args>\": "
-                                                       "unknown flag \"%s\".\n",
+                                                       "unknown flag \"%s\"",
                                                        c->fname, c->lineno, flags[ j ] );
+                                               Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
                                                return 1;
                                        }
                                }
@@ -1084,10 +1127,6 @@ done_url:;
                break;
 
        case LDAP_BACK_CFG_TIMEOUT:
-               if ( c->argc < 2 ) {
-                       return 1;
-               }
-
                for ( i = 1; i < c->argc; i++ ) {
                        if ( isdigit( c->argv[ i ][ 0 ] ) ) {
                                int             j;
@@ -1110,13 +1149,26 @@ done_url:;
                }
                break;
 
+       case LDAP_BACK_CFG_IDLE_TIMEOUT: {
+               unsigned long   t;
+
+               if ( lutil_parse_time( c->argv[ 1 ], &t ) != 0 ) {
+                       snprintf( c->msg, sizeof( c->msg),
+                               "unable to parse idle timeout \"%s\"",
+                               c->argv[ 1 ] );
+                       Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
+                       return 1;
+               }
+               li->li_idle_timeout = (time_t)t;
+               } break;
+
        case LDAP_BACK_CFG_REWRITE:
-               fprintf( stderr, "%s: line %d: "
+               snprintf( c->msg, sizeof( c->msg ),
                        "rewrite/remap capabilities have been moved "
                        "to the \"rwm\" overlay; see slapo-rwm(5) "
                        "for details (hint: add \"overlay rwm\" "
-                       "and prefix all directives with \"rwm-\").\n",
-                       c->fname, c->lineno );
+                       "and prefix all directives with \"rwm-\")" );
+               Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->msg, 0 );
                return 1;
                
        default:
diff --git a/servers/slapd/back-meta/back-meta.h b/servers/slapd/back-meta/back-meta.h
index 8ac932bb9996585ff2ebf15b3f8bda0929675444..2a260e21f81419b33e0b095c949d37d162b0aa0e 100644 (file)
--- a/servers/slapd/back-meta/back-meta.h
+++ b/servers/slapd/back-meta/back-meta.h
@@ -177,6 +177,8 @@ typedef struct metasingleconn_t {
 #define META_ANONYMOUS         2
 #endif
 
+       time_t                  msc_time;
+
        struct metainfo_t       *msc_info;
 } metasingleconn_t;
 
@@ -228,6 +230,8 @@ typedef struct metatarget_t {
 
        unsigned                mt_flags;
        int                     mt_version;
+       time_t                  mt_network_timeout;
+       time_t                  mt_idle_timeout;
        time_t                  mt_timeout[ LDAP_BACK_OP_LAST ];
 } metatarget_t;
 
@@ -248,7 +252,6 @@ typedef struct metacandidates_t {
 typedef struct metainfo_t {
        int                     mi_ntargets;
        int                     mi_defaulttarget;
-       int                     mi_network_timeout;
 #define META_DEFAULT_TARGET_NONE       (-1)
        int                     mi_nretries;
 
@@ -271,6 +274,8 @@ typedef struct metainfo_t {
 #define META_BACK_DEFER_ROOTDN_BIND(mi)        ( (mi)->mi_flags & META_BACK_F_DEFER_ROOTDN_BIND )
 
        int                     mi_version;
+       time_t                  mi_network_timeout;
+       time_t                  mi_idle_timeout;
        time_t                  mi_timeout[ LDAP_BACK_OP_LAST ];
 } metainfo_t;
 
@@ -313,9 +318,8 @@ meta_back_init_one_conn(
        SlapReply               *rs,
        metatarget_t            *mt, 
        metaconn_t              *mc,
-       metasingleconn_t        *msc,
+       int                     candidate,
        int                     ispriv,
-       int                     isauthz,
        ldap_back_send_t        sendok );
 
 extern int
diff --git a/servers/slapd/back-meta/bind.c b/servers/slapd/back-meta/bind.c
index b300e745a4a23d8f35758203f850b29c5f218e9d..158e862b103a082e1d986365741ac1cddc751c23 100644 (file)
--- a/servers/slapd/back-meta/bind.c
+++ b/servers/slapd/back-meta/bind.c
@@ -147,7 +147,7 @@ meta_back_bind( Operation *op, SlapReply *rs )
                         */
                        Debug( LDAP_DEBUG_ANY,
                                "### %s meta_back_bind: more than one"
-                               " candidate is trying to bind...\n",
+                               " candidate selected...\n",
                                op->o_log_prefix, 0, 0 );
                }
 
@@ -334,6 +334,7 @@ rebind:;
                struct timeval  tv;
                int             rc;
                int             nretries = mt->mt_nretries;
+               char            buf[ SLAP_TEXT_BUFLEN ];
 
                LDAP_BACK_TV_SET( &tv );
 
@@ -345,11 +346,12 @@ retry:;
                tv.tv_usec = META_BIND_TIMEOUT;
                switch ( ldap_result( msc->msc_ld, msgid, 0, &tv, &res ) ) {
                case 0:
-                       Debug( LDAP_DEBUG_ANY,
-                               "%s meta_back_single_bind: "
+                       snprintf( buf, sizeof( buf ),
                                "ldap_result=0 nretries=%d%s\n",
-                               op->o_log_prefix, nretries,
-                               rebinding ? " rebinding" : "" );
+                               nretries, rebinding ? " rebinding" : "" );
+                       Debug( LDAP_DEBUG_ANY,
+                               "%s meta_back_single_bind[%d]: %s.\n",
+                               op->o_log_prefix, candidate, buf );
 
                        if ( nretries != META_RETRY_NEVER ) {
                                ldap_pvt_thread_yield();
@@ -381,10 +383,12 @@ retry:;
                                ldap_abandon_ext( msc->msc_ld, msgid, NULL, NULL );
                        }
 
+                       snprintf( buf, sizeof( buf ),
+                               "err=%d nretries=%d",
+                               rs->sr_err, nretries );
                        Debug( LDAP_DEBUG_ANY,
-                               "### %s meta_back_single_bind: "
-                               "err=%d nretries=%d\n",
-                               op->o_log_prefix, rs->sr_err, nretries );
+                               "### %s meta_back_single_bind[%d]: %s.\n",
+                               op->o_log_prefix, candidate, buf );
 
                        rc = slap_map_api2result( rs );
                        if ( rs->sr_err == LDAP_UNAVAILABLE && nretries != META_RETRY_NEVER ) {
@@ -487,6 +491,7 @@ rebind:;
        if ( rc == LDAP_SUCCESS ) {
                LDAPMessage     *res;
                struct timeval  tv;
+               char            buf[ SLAP_TEXT_BUFLEN ];
 
                LDAP_BACK_TV_SET( &tv );
 
@@ -498,11 +503,12 @@ retry:;
                tv.tv_usec = META_BIND_TIMEOUT;
                switch ( ldap_result( msc->msc_ld, msgid, 0, &tv, &res ) ) {
                case 0:
+                       snprintf( buf, sizeof( buf ),
+                               "ldap_result=0 nretries=%d%s",
+                               nretries, rebinding ? " rebinding" : "" );
                        Debug( LDAP_DEBUG_ANY,
-                               "%s meta_back_single_dobind: "
-                               "ldap_result=0 nretries=%d%s\n",
-                               op->o_log_prefix, nretries,
-                               rebinding ? " rebinding" : "" );
+                               "%s meta_back_single_dobind[%d]: %s.\n",
+                               op->o_log_prefix, candidate, buf );
 
                        if ( nretries != META_RETRY_NEVER ) {
                                ldap_pvt_thread_yield();
@@ -535,10 +541,12 @@ retry:;
                                ldap_abandon_ext( msc->msc_ld, msgid, NULL, NULL );
                        }
 
+                       snprintf( buf, sizeof( buf ),
+                               "err=%d nretries=%d",
+                               rs->sr_err, nretries );
                        Debug( LDAP_DEBUG_ANY,
-                               "### %s meta_back_single_dobind: "
-                               "err=%d nretries=%d\n",
-                               op->o_log_prefix, rs->sr_err, nretries );
+                               "### %s meta_back_single_dobind[%d]: %s.\n",
+                               op->o_log_prefix, candidate, buf );
 
                        rc = slap_map_api2result( rs );
                        if ( rc == LDAP_UNAVAILABLE && nretries != META_RETRY_NEVER ) {
@@ -558,9 +566,8 @@ retry:;
                                        /* mc here must be the regular mc,
                                         * reset and ready for init */
                                        rc = meta_back_init_one_conn( op, rs,
-                                               mt, mc, msc,
+                                               mt, mc, candidate,
                                                LDAP_BACK_CONN_ISPRIV( mc ),
-                                               candidate == mc->mc_authz_target,
                                                LDAP_BACK_DONTSEND );
 
                                } else {
diff --git a/servers/slapd/back-meta/config.c b/servers/slapd/back-meta/config.c
index 3516b82e359492d4a75da45679ae28f29a316388..9e50749618c5d1796644f16412aa800e5f576a50 100644 (file)
--- a/servers/slapd/back-meta/config.c
+++ b/servers/slapd/back-meta/config.c
@@ -35,7 +35,7 @@
 #include "back-meta.h"
 
 static int
-new_target( 
+meta_back_new_target( 
        metatarget_t    *mt )
 {
         struct ldapmapping     *mapping;
@@ -146,7 +146,7 @@ meta_back_db_config(
                        return 1;
                }
 
-               if ( new_target( &mi->mi_targets[ i ] ) != 0 ) {
+               if ( meta_back_new_target( &mi->mi_targets[ i ] ) != 0 ) {
                        Debug( LDAP_DEBUG_ANY,
        "%s: line %d: unable to init server"
        " in \"uri <protocol>://<server>[:port]/<naming context>\" line\n",
@@ -157,6 +157,8 @@ meta_back_db_config(
                mi->mi_targets[ i ].mt_nretries = mi->mi_nretries;
                mi->mi_targets[ i ].mt_flags = mi->mi_flags;
                mi->mi_targets[ i ].mt_version = mi->mi_version;
+               mi->mi_targets[ i ].mt_idle_timeout = mi->mi_idle_timeout;
+               mi->mi_targets[ i ].mt_network_timeout = mi->mi_network_timeout;
 
                for ( c = 0; c < LDAP_BACK_OP_LAST; c++ ) {
                        mi->mi_targets[ i ].mt_timeout[ c ] = mi->mi_timeout[ c ];
@@ -344,7 +346,11 @@ meta_back_db_config(
 
        /* network timeout when connecting to ldap servers */
        } else if ( strcasecmp( argv[ 0 ], "network-timeout" ) == 0 ) {
+               int             i = mi->mi_ntargets - 1;
                unsigned long   t;
+               time_t          *tp = mi->mi_ntargets ?
+                               &mi->mi_targets[ mi->mi_ntargets - 1 ].mt_network_timeout
+                               : &mi->mi_network_timeout;
 
                if ( argc != 2 ) {
                        Debug( LDAP_DEBUG_ANY,
@@ -361,7 +367,40 @@ meta_back_db_config(
 
                }
 
-               mi->mi_network_timeout = (int)t;
+               *tp = (time_t)t;
+
+       /* idle timeout when connecting to ldap servers */
+       } else if ( strcasecmp( argv[ 0 ], "idle-timeout" ) == 0 ) {
+               int             i = mi->mi_ntargets - 1;
+               unsigned long   t;
+               time_t          *tp = mi->mi_ntargets ?
+                               &mi->mi_targets[ mi->mi_ntargets - 1 ].mt_idle_timeout
+                               : &mi->mi_idle_timeout;
+
+               switch ( argc ) {
+               case 1:
+                       Debug( LDAP_DEBUG_ANY,
+       "%s: line %d: missing timeout value in \"idle-timeout <seconds>\" line\n",
+                               fname, lineno, 0 );
+                       return 1;
+               case 2:
+                       break;
+               default:
+                       Debug( LDAP_DEBUG_ANY,
+       "%s: line %d: extra cruft after timeout value in \"idle-timeout <seconds>\" line\n",
+                               fname, lineno, 0 );
+                       return 1;
+               }
+
+               if ( lutil_parse_time( argv[ 1 ], &t ) ) {
+                       Debug( LDAP_DEBUG_ANY,
+       "%s: line %d: unable to parse timeout \"%s\" in \"idle-timeout <seconds>\" line\n",
+                               fname, lineno, argv[ 1 ] );
+                       return 1;
+
+               }
+
+               *tp = (time_t)t;
 
        /* name to use for meta_back_group */
        } else if ( strcasecmp( argv[ 0 ], "acl-authcDN" ) == 0
diff --git a/servers/slapd/back-meta/conn.c b/servers/slapd/back-meta/conn.c
index 772771abf9ac85385d1a7a94215c748e3bc2dc0c..a37f8f48164685d6bb9d64f9c9693ab0b5c1a656 100644 (file)
--- a/servers/slapd/back-meta/conn.c
+++ b/servers/slapd/back-meta/conn.c
@@ -206,20 +206,34 @@ meta_back_init_one_conn(
        SlapReply               *rs,
        metatarget_t            *mt, 
        metaconn_t              *mc,
-       metasingleconn_t        *msc,
+       int                     candidate,
        int                     ispriv,
-       int                     isauthz,
        ldap_back_send_t        sendok )
 {
-       metainfo_t      *mi = ( metainfo_t * )op->o_bd->be_private;
-       int             vers;
-       dncookie        dc;
+       metainfo_t              *mi = ( metainfo_t * )op->o_bd->be_private;
+       metasingleconn_t        *msc = &mc->mc_conns[ candidate ];
+       int                     vers;
+       dncookie                dc;
+       int                     isauthz = ( candidate == mc->mc_authz_target );
 
        /*
         * Already init'ed
         */
        if ( msc->msc_ld != NULL ) {
-               return rs->sr_err = LDAP_SUCCESS;
+               if ( mt->mt_idle_timeout == 0 ) {
+                       return rs->sr_err = LDAP_SUCCESS;
+               }
+
+               if ( op->o_time > msc->msc_time + mt->mt_idle_timeout ) {
+                       Debug( LDAP_DEBUG_TRACE,
+                               "%s meta_back_init_one_conn[%d]: idle timeout.\n",
+                               op->o_log_prefix, candidate, 0 );
+                       if ( meta_back_retry( op, rs, mc, candidate, sendok ) ) {
+                               return rs->sr_err;
+                       }
+               }
+
+               msc->msc_time = op->o_time;
        }
        
        /*
@@ -344,11 +358,11 @@ retry:;
        /*
         * Set the network timeout if set
         */
-       if ( mi->mi_network_timeout != 0 ) {
+       if ( mt->mt_network_timeout != 0 ) {
                struct timeval  network_timeout;
 
                network_timeout.tv_usec = 0;
-               network_timeout.tv_sec = mi->mi_network_timeout;
+               network_timeout.tv_sec = mt->mt_network_timeout;
 
                ldap_set_option( msc->msc_ld, LDAP_OPT_NETWORK_TIMEOUT,
                                (void *)&network_timeout );
@@ -414,6 +428,10 @@ error_return:;
                 */
                ( void )rewrite_session_init( mt->mt_rwmap.rwm_rw, op->o_conn );
 
+               if ( mt->mt_idle_timeout ) {
+                       msc->msc_time = op->o_time;
+               }
+
        } else {
                rs->sr_err = slap_map_api2result( rs );
                if ( sendok & LDAP_BACK_SENDERR ) {
@@ -449,17 +467,22 @@ retry_lock:;
        assert( mc->mc_refcnt > 0 );
 
        if ( mc->mc_refcnt == 1 ) {
+               char    buf[ SLAP_TEXT_BUFLEN ];
+
                while ( ldap_pvt_thread_mutex_trylock( &mc->mc_mutex ) ) {
                        ldap_pvt_thread_mutex_unlock( &mi->mi_conninfo.lai_mutex );
                        ldap_pvt_thread_yield();
                        goto retry_lock;
                }
 
-               Debug( LDAP_DEBUG_ANY,
-                       "%s meta_back_retry: retrying URI=\"%s\" DN=\"%s\"\n",
-                       op->o_log_prefix, mt->mt_uri,
+               snprintf( buf, sizeof( buf ),
+                       "retrying URI=\"%s\" DN=\"%s\"",
+                       mt->mt_uri,
                        BER_BVISNULL( &msc->msc_bound_ndn ) ?
                                "" : msc->msc_bound_ndn.bv_val );
+               Debug( LDAP_DEBUG_ANY,
+                       "%s meta_back_retry[%d]: %s.\n",
+                       op->o_log_prefix, candidate, buf );
 
                meta_clear_one_candidate( msc );
                LDAP_BACK_CONN_ISBOUND_CLEAR( msc );
@@ -467,9 +490,8 @@ retry_lock:;
                ( void )rewrite_session_delete( mt->mt_rwmap.rwm_rw, op->o_conn );
 
                /* mc here must be the regular mc, reset and ready for init */
-               rc = meta_back_init_one_conn( op, rs, mt, mc, msc,
-                       LDAP_BACK_CONN_ISPRIV( mc ),
-                       candidate == mc->mc_authz_target, sendok );
+               rc = meta_back_init_one_conn( op, rs, mt, mc, candidate,
+                       LDAP_BACK_CONN_ISPRIV( mc ), sendok );
 
                if ( rc == LDAP_SUCCESS ) {
                        rc = meta_back_single_dobind( op, rs, mc, candidate,
@@ -804,16 +826,14 @@ meta_back_getconn(
 
                for ( i = 0; i < mi->mi_ntargets; i++ ) {
                        metatarget_t            *mt = &mi->mi_targets[ i ];
-                       metasingleconn_t        *msc = &mc->mc_conns[ i ];
 
                        /*
                         * The target is activated; if needed, it is
                         * also init'd
                         */
                        candidates[ i ].sr_err = meta_back_init_one_conn( op,
-                               rs, mt, mc, msc,
-                               LDAP_BACK_CONN_ISPRIV( &mc_curr ),
-                               i == mc->mc_authz_target, sendok );
+                               rs, mt, mc, i,
+                               LDAP_BACK_CONN_ISPRIV( &mc_curr ), sendok );
                        if ( candidates[ i ].sr_err == LDAP_SUCCESS ) {
                                candidates[ i ].sr_tag = META_CANDIDATE;
                                ncandidates++;
@@ -920,7 +940,7 @@ meta_back_getconn(
                }
 
                Debug( LDAP_DEBUG_TRACE,
-       "==>meta_back_getconn: got target %d for ndn=\"%s\" from cache\n",
+       "==>meta_back_getconn: got target=%d for ndn=\"%s\" from cache\n",
                                i, op->o_req_ndn.bv_val, 0 );
 
                if ( mc == NULL ) {
@@ -957,9 +977,8 @@ meta_back_getconn(
                 * also init'd. In case of error, meta_back_init_one_conn
                 * sends the appropriate result.
                 */
-               err = meta_back_init_one_conn( op, rs, mt, mc, msc,
-                       LDAP_BACK_CONN_ISPRIV( &mc_curr ),
-                       i == mc->mc_authz_target, sendok );
+               err = meta_back_init_one_conn( op, rs, mt, mc, i,
+                       LDAP_BACK_CONN_ISPRIV( &mc_curr ), sendok );
                if ( err != LDAP_SUCCESS ) {
                        /*
                         * FIXME: in case one target cannot
@@ -1014,16 +1033,15 @@ meta_back_getconn(
                                 * also init'd
                                 */
                                int lerr = meta_back_init_one_conn( op, rs,
-                                               mt, mc, msc,
+                                               mt, mc, i,
                                                LDAP_BACK_CONN_ISPRIV( &mc_curr ),
-                                               i == mc->mc_authz_target,
                                                sendok );
                                if ( lerr == LDAP_SUCCESS ) {
                                        candidates[ i ].sr_tag = META_CANDIDATE;
                                        candidates[ i ].sr_err = LDAP_SUCCESS;
                                        ncandidates++;
 
-                                       Debug( LDAP_DEBUG_TRACE, "%s: meta_back_init_one_conn(%d)\n",
+                                       Debug( LDAP_DEBUG_TRACE, "%s: meta_back_getconn[%d]\n",
                                                op->o_log_prefix, i, 0 );
 
                                } else {
@@ -1040,7 +1058,7 @@ meta_back_getconn(
                                        candidates[ i ].sr_err = lerr;
                                        err = lerr;
 
-                                       Debug( LDAP_DEBUG_ANY, "%s: meta_back_init_one_conn(%d) failed: %d\n",
+                                       Debug( LDAP_DEBUG_ANY, "%s: meta_back_getconn[%d] failed: %d\n",
                                                op->o_log_prefix, i, lerr );
 
                                        continue;
Cloned from git://git.openldap.org/openldap.git