
LDAP connection problems

Problem: each server creates a few connections, and Apache currently doesn’t cache or share connections between processes. The LDAP server will only run about 100 threads. Having all those connections creates problems with recreating connections. Apache processes won’t accept logins. You have to close your browser and start a new one to log in to a secure page. You get a new Apache process serving your secure request.

Solutions: Fix Apache. Run multiple LDAP servers.

Each server could have its own LDAP slave that it connects to. But still the Apache connections are the majority of the problem and would be all on one server. We only have so many servers to run a DNS round-robin LDAP slave farm on. And I can’t figure out how to have multiple slaves. OpenLDAP’s slapd doesn’t seem like the most scalable or configurable server to me.

What if we ran tons of slapd servers on a single machine, each listening on a different port? They would each use a small amount of memory, since our LDAP database is so small. Make each server connect to a different port, and spread each specifically secured directory in Apache to a different port. So answerline logins would connect to one port, styx to a different one, staff to another, etc. The Staff.php class that connects from PHP to get staff names for answerline and SINC could have some code to distribute its connections also.
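A sketch of how the PHP side of the port idea could spread its connections, with failover when one slapd instance has run out of threads. This is an added example, not the site's actual Staff.php; the host, the port list and the function names are assumptions made for illustration.

```php
<?php
// Added example. Host and ports are assumed values, not taken from the post.
const LDAP_HOST  = '127.0.0.1';
const LDAP_PORTS = [3890, 3891, 3892, 3893]; // one slapd instance per port

/**
 * Rotate the port list to a random starting point, so callers spread
 * across instances but every port is still tried before giving up.
 */
function ldap_port_order(array $ports): array
{
    $start = random_int(0, count($ports) - 1);
    return array_merge(
        array_slice($ports, $start),
        array_slice($ports, 0, $start)
    );
}

/**
 * Return a bound LDAP connection from the first instance that answers,
 * or false if none of them do.
 */
function staff_ldap_connect()
{
    foreach (ldap_port_order(LDAP_PORTS) as $port) {
        $conn = ldap_connect('ldap://' . LDAP_HOST . ':' . $port);
        if ($conn === false) {
            continue; // URI could not be parsed
        }
        ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
        // Give up quickly on an instance that is saturated or down.
        ldap_set_option($conn, LDAP_OPT_NETWORK_TIMEOUT, 2);

        // ldap_connect() does not open a socket with OpenLDAP 2.x;
        // the bind is the first call that can actually fail over.
        if (@ldap_bind($conn)) { // anonymous bind for name lookups
            return $conn;
        }
        ldap_unbind($conn); // release the handle before trying the next port
    }
    return false;
}
```

Callers should call `ldap_unbind()` on the returned connection as soon as the lookup is done, since each open connection holds a slapd thread.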

It would probably be better to run a development build of Apache that actually can cache connections. The LDAP code has been much improved in the 2.1.X branch.

Just noting the port idea here for future reference.
