LDAP Connections

Question

I have a very basic question about the LDAP Protocol:

Can a client be connected for an undefined period of time or each authentication requires to open and close a tcp connection?

Answer 1

LDAP servers may implement multiple limits on the server side , The LDAP client APIs also provide options to set limits at the client side. Some of the server side limits are [ In case of Oracle DSEE]

Size limit - Number of searh result entries returned Time limit - Time taken to process the request Idle time Limit - How much time the connection can stay idle ? [keepalive at load balancers can keep the connection alive] . server access log marks connections closed because of idle time . Lookthrough limit - Number of candidate entries to look through for a given ldap search

Client APIs may set it's own time and size limit

Answer 2

In addition to what Terry says, professional quality LDAP client APIs use a connection pool to hide all these gory details from you; to keep connections open as long as possible; and to recover from situations where the server imposes a connection termination rule.

Answer 3

Professional-quality LDAP servers can be configured to terminate clients after a period of time, a maximum number of operations, or other conditions; or alternatively, leave the the client connected forever. Ask your LDAP server administrator whether client connections are being terminated for any of the conditions listed, or perhaps others.