Hello,
We are using Adaxes' ADSI provider interface to interact with AD via web services. Our AD account has approximately 4000 active users, and most users have about 40 groups. We use group nesting to simplify AD administration. For example, we have a Managers group, and any security groups that we create that should only include Managers only have that group as a member. We have a custom authorization provider that will check if a user is a member of an application-specific group and grant them permissions in the application based on that membership. However, our query to get group membership can take quite a while to run (we have a 1 min timeout on our TCP connection settings and we are exceeding that in some cases). When that timeout is exceeded, our TCP connection is closed by our application. However, we suspect the connection that Adaxes was using to communicate with AD (ldap_connection_pool) is not being released. Therefore, whenever one of these connections is closed by our application, that connection is never freed, and is not available until we restart the Adaxes services.
Our load is pretty high on this system, with, at times, more than 20,000 requests in an hour. We are using a WCF service to connect to Adaxes, and have it throttled to 5 instances of the service and 5 concurrent connections. We have 4 load-balanced Adaxes servers that are only used for our web services.
Please email me if you would like to see my GetGroupMembership method and my TCP connection settings. Thanks.