lists.arthurdejong.org

no available LDAP server found




Hi the list,

As I'm new to this list, please excuse me if this problem has already been solved. I had a look at the archives, but found nothing so far (except this one: http://lists.arthurdejong.org/nss-pam-ldapd-users/2010/msg00094.html)

I've set up nss-ldapd 0.7.12 on Ubuntu server 64b with Windows 2008r2 + AD.
I took good care to disable nscd as I know it is sometimes the source of problems.
Both Windows and Ubuntu run on the same server using VMware, so no physical network issues on that side.

Most of the time, all is fine. I get my users, I get my groups, I can authenticate users and I'm happy.
But, for some reason, nslcd seems at some points "confused" and loses all the connections and can get it back or after an extended period of time...

I'll try to be as concise as possible:

1 - the ldap idle issue:
In the conf file, I have set the following parameters:
bind_timelimit 15
timelimit 30
idle_timelimit 5
reconnect_sleeptime 5
reconnect_retrytime 5

The idle time is set to 5 seconds. I've noticed that if I start the service and perform one query, a connection is created (ok). I wait 10 seconds and perform another query. A second TCP connection is opened and the first one is still ESTABLISHED. I can do the same and get a total of 5 active TCP connections with none being closed after 5 seconds.
In the code, there's a message like this "myldap_session_check(): idle_timelimit reached" but I can't get it displayed with the -d option.

2 - the reconnection issue.
Not sure why, but if the server is a bit "busy" it seems to be ok. Though, if my Linux server is mostly idling, it starts to become a problem. I got messages like this one:

nslcd: [b71efb] no available LDAP server found
nslcd: [b71efb] DEBUG: myldap_search(base="CN=Users,DC=office,DC=loadedtech,DC=com,DC=au", filter="(&(objectClass=group)(memberUid=root))")
nslcd: [b71efb] DEBUG: not retrying server ldap://foobar.com.au/ which failed just 0 second(s) ago and has been failing for 1727 seconds
nslcd: [b71efb] no available LDAP server found
nslcd: [e2a9e3] DEBUG: connection from pid=29419 uid=0 gid=0
nslcd: [e2a9e3] DEBUG: nslcd_group_bymember(root)
nslcd: [e2a9e3] DEBUG: myldap_search(base="CN=Users,DC=office,DC=loadedtech,DC=com,DC=au", filter="(&(objectClass=user)(uid=root))")
nslcd: [e2a9e3] ldap_search_ext() failed: Can't contact LDAP server
nslcd: [e2a9e3] DEBUG: ldap_unbind()
nslcd: [e2a9e3] no available LDAP server found
nslcd: [e2a9e3] DEBUG: myldap_search(base="CN=Users,DC=office,DC=loadedtech,DC=com,DC=au", filter="(&(objectClass=group)(memberUid=root))")
nslcd: [e2a9e3] DEBUG: not retrying server ldap://foobar.com.au/ which failed just 0 second(s) ago and has been failing for 3047 seconds
nslcd: [e2a9e3] no available LDAP server found

And then, for some reason (maybe when AD closes the TCP connection?) nslcd seems to be back online and starts to send queries again. Otherwise, I have to stop the daemon myself and then restart it to have resolution working again.

As mentioned above, both servers are on the same computer, so I hardly see a network problem at this level... And AD doesn't seem to reject any connection according to the event viewer...

I don't know if anyone already had such a problem in the past, but any help would be great. I can provide as many logs as you want if you need some and even do some beta testing.

Thank you.
--
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users
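
An added example, not part of the original post and not code from nss-pam-ldapd: a small parser for the nslcd debug lines quoted in the message, reporting how long each LDAP server has been marked as failing and how many lookups ended with "no available LDAP server found". The function names and the 300-second threshold are assumptions chosen for illustration; the sample lines are copied from the post.

```python
import re
from collections import defaultdict

# Sample input: nslcd -d lines as quoted in the post above.
SAMPLE_LOG = """\
nslcd: [b71efb] DEBUG: not retrying server ldap://foobar.com.au/ which failed just 0 second(s) ago and has been failing for 1727 seconds
nslcd: [b71efb] no available LDAP server found
nslcd: [e2a9e3] ldap_search_ext() failed: Can't contact LDAP server
nslcd: [e2a9e3] no available LDAP server found
nslcd: [e2a9e3] DEBUG: not retrying server ldap://foobar.com.au/ which failed just 0 second(s) ago and has been failing for 3047 seconds
nslcd: [e2a9e3] no available LDAP server found
"""

NOT_RETRYING = re.compile(
    r"^nslcd: \[(?P<tid>[0-9a-f]+)\] DEBUG: not retrying server (?P<uri>\S+) "
    r"which failed just (?P<ago>\d+) second\(s\) ago "
    r"and has been failing for (?P<total>\d+) seconds$")
NO_SERVER = re.compile(
    r"^nslcd: \[(?P<tid>[0-9a-f]+)\] no available LDAP server found$")

def summarize(log_text):
    """Return (per-server stats, number of lookups that found no server)."""
    servers = defaultdict(
        lambda: {"max_failing": 0, "skipped": 0, "threads": set()})
    failed_lookups = 0
    for line in log_text.splitlines():
        line = line.strip()
        m = NOT_RETRYING.match(line)
        if m:
            stats = servers[m["uri"]]
            # Longest outage window reported for this server so far.
            stats["max_failing"] = max(stats["max_failing"], int(m["total"]))
            stats["skipped"] += 1              # reconnect attempts skipped
            stats["threads"].add(m["tid"])     # worker threads affected
        elif NO_SERVER.match(line):
            failed_lookups += 1
    return dict(servers), failed_lookups

def stuck_servers(log_text, threshold_seconds=300):
    """Servers reported as failing for at least threshold_seconds (assumed value)."""
    servers, _ = summarize(log_text)
    return sorted(uri for uri, s in servers.items()
                  if s["max_failing"] >= threshold_seconds)

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
    print(stuck_servers(SAMPLE_LOG))
```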