Re: Persistant LDAP connections
- On Fri, Mar 08, 2013 at 11:24:25AM -0800, Quanah Gibson-Mount wrote:
> >This is not a feature, it is a bug. OpenDKIM is a multi-threadedJust because you want it, does not mean it is better. :-)
> >process that does not periodically exit to be replaced by a fresh
> >process. As such it does not tolerate memory leaks in its own code
> >or in the libraries it uses.
> OpenDKIM does what I ask. It makes a persistent connection and cuts
> out the overhead of persistent rebinding.
> Thanks for pointing out max_use. Now instead of postfix rebindingIt is surely trivial to see what an insignificant difference this
> every 4-5 minutes to the LDAP servers, it is at least every 20
> minutes between binds, significantly cutting out startTLS
> negotiation overhead and improving performance.
> It is trivial to see what a significant difference it makes in
> postfix behavior to go from the default of 100 to 5000:
makes. Between all those connections thousands of lookups are
made, the connection overhead is negligible.
The difference between a TLS handshake and LDAP bind every 4-5
minutes vs. every 20 minutes (or even infinity as with DKIM) is
negligible. Almost all the payoff from re-use is in the first
O(10) uses, after that it is diminishing returns all the way....
It is similar with max_use, it is of couse reasonably safe to have
it higher than 100, but the benefit is marginal at best.