1

I have some code that allows administrators to manage their organization's users/groups etc and execute extended commands (such as disabling accounts etc). This code is completely separate from the main user application and is only accessible by admins. As such I connect to LDAP using the admin user so I have access to all the commands I need.

What I'm wondering is if I can simply instantiate my LdapConnection, then bind to the server and then cache that connection for use throughout the app (store it in the Application object or in Session for instance) rather than instantiating it and binding every time I need to make a call? In other words, does that LdapConnection object ever expire or timeout or unbind after a certain amount of time? It looks like it has a 'Timeout' property on the connection object but that appears to be per each individual call. Am I correct to assume that once I bind I can just keep using that connection? Any design reason not to do this?

thank you!

snappymcsnap
  • 2,050
  • 2
  • 29
  • 53

2 Answers2

2

Depending on the configuration of the directory server you're using, it might be configured to:

  • timeout idle connections
  • impose a limit on the number of operations per connection
  • impose a limit on the rate of operations
  • allow the client to remain connected indefinitely

Once the connection has been associated with an authentication identity by use of the BIND operation (known as establishing an authorization state for the connection), that authentication state remains in effect for the life of the connection, or until the next BIND request is sent on that connection.

Terry Gardner
  • 10,957
  • 2
  • 28
  • 38
0

I'm no C# expert but I would expect the LdapConnection object to overlay a connection pool rather than represent a physical connection itself.

user207421
  • 305,947
  • 44
  • 307
  • 483