Loading ...
Sorry, an error occurred while loading the content.

291850Re: Persistant LDAP connections

Expand Messages
  • Viktor Dukhovni
    Mar 8, 2013
    • 0 Attachment
      On Fri, Mar 08, 2013 at 11:24:25AM -0800, Quanah Gibson-Mount wrote:

      > >This is not a feature, it is a bug. OpenDKIM is a multi-threaded
      > >process that does not periodically exit to be replaced by a fresh
      > >process. As such it does not tolerate memory leaks in its own code
      > >or in the libraries it uses.
      > OpenDKIM does what I ask. It makes a persistent connection and cuts
      > out the overhead of persistent rebinding.

      Just because you want it, does not mean it is better. :-)

      > Thanks for pointing out max_use. Now instead of postfix rebinding
      > every 4-5 minutes to the LDAP servers, it is at least every 20
      > minutes between binds, significantly cutting out startTLS
      > negotiation overhead and improving performance.
      > It is trivial to see what a significant difference it makes in
      > postfix behavior to go from the default of 100 to 5000:
      > <http://www.pastebin.ca/2330089>

      It is surely trivial to see what an insignificant difference this
      makes. Between all those connections thousands of lookups are
      made, the connection overhead is negligible.

      The difference between a TLS handshake and LDAP bind every 4-5
      minutes vs. every 20 minutes (or even infinity as with DKIM) is
      negligible. Almost all the payoff from re-use is in the first
      O(10) uses, after that it is diminishing returns all the way....

      It is similar with max_use, it is of couse reasonably safe to have
      it higher than 100, but the benefit is marginal at best.

    • Show all 15 messages in this topic