3.9.14. HoldServerConnection Previous topic Parent topic Child topic Next topic

By default the LDAP clauses, except<AuthBy LDAPRADIUS>, disconnect from the LDAP server after each authentication. This is because not all LDAP servers permit multiple searches from the same LDAP connection. HoldServerConnection forces holding the connection to the LDAP server up for as long as possible. It is an optional parameter and available for <AuthBy LDAP> and <AuthBy LDAPDIGIPASS>.
Most of the LDAP servers support this behaviour and it can significantly improve performance, especially where UseTLS or UseSSL is enabled. If you enable this parameter and get unwanted behaviour, you are probably using an unsupported LDAP server. In this case, remove this parameter.
Here is an example of using HoldServerConnection:
# Our server supports multiple searches
In some cases, using HoldServerConnection with ServerChecksPassword of <AuthBy LDAP2> may cause failure situations. This is due to some LDAP servers' behaviour when the password check fails but the connection is not closed. A failure situation may also occur when the password check succeeds but the user is not allowed to perform searches in the server. If your users experience unexpected authentication failures, try testing your system without using these 2 parameters together.