Re: no available LDAP server found
- From: Arthur de Jong <arthur [at] arthurdejong.org>
- To: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: Re: no available LDAP server found
- Date: Wed, 08 Dec 2010 23:54:48 +0100
On Tue, 2010-12-07 at 19:08 +1100, Aurélien Requiem wrote:
> 1 - the ldap idle issue:
> In the conf file, I have set the following parameters:
> bind_timelimit 15
> timelimit 30
> idle_timelimit 5
> reconnect_sleeptime 5
> reconnect_retrytime 5
>
> The idle time is set to 5 seconds. I've noticed if I start the service
> and perform one query, a connection is created (ok). I wait 10 seconds
> and perform another query. A second tcp connection is open and the
> first one is still as ESTABLISHED. I can do the same and get a total
> of 5 active tcp connections with none being closed after 5 seconds.
> In the code, there's a message like this "myldap_session_check():
> idle_timelimit reached" but I can't get it displayed with -d option.
The problem is that nslcd does not do anything when it is not performing
LDAP operations. This means that it only checks whether a connection
should be closed when a request comes in. This is broken. The worker
threads should wake up once in a while and check if the connection
should be closed. This has just been implemented in the development
branch.
> 2 - the reconnection issue.
> Not sure why, but if the server is a bit "busy" it seems to be ok.
> Though, if my linux server is mostly idling, it starts to become a
> problem. I got messages like this one:
>
> nslcd: [b71efb] no available LDAP server found
> nslcd: [b71efb] DEBUG:
> myldap_search(base="CN=Users,DC=office,DC=loadedtech,DC=com,DC=au",
> filter="(&(objectClass=group)(memberUid=root))")
> nslcd: [b71efb] DEBUG: not retrying server ldap://foobar.com.au/ which failed
> just 0 second(s) ago and has been failing for 1727 seconds
> nslcd: [b71efb] no available LDAP server found
> nslcd: [e2a9e3] DEBUG: connection from pid=29419 uid=0 gid=0
> nslcd: [e2a9e3] DEBUG: nslcd_group_bymember(root)
> nslcd: [e2a9e3] DEBUG:
> myldap_search(base="CN=Users,DC=office,DC=loadedtech,DC=com,DC=au",
> filter="(&(objectClass=user)(uid=root))")
> nslcd: [e2a9e3] ldap_search_ext() failed: Can't contact LDAP server
> nslcd: [e2a9e3] DEBUG: ldap_unbind()
> nslcd: [e2a9e3] no available LDAP server found
> nslcd: [e2a9e3] DEBUG:
> myldap_search(base="CN=Users,DC=office,DC=loadedtech,DC=com,DC=au",
> filter="(&(objectClass=group)(memberUid=root))")
> nslcd: [e2a9e3] DEBUG: not retrying server ldap://foobar.com.au/ which failed
> just 0 second(s) ago and has been failing for 3047 seconds
> nslcd: [e2a9e3] no available LDAP server found
>
> And then, for some reason (maybe when AD closes the TCP connection?)
> nslcd seemed to be back online and starts to send queries again.
> Otherwise, I have to stop the daemon myself and then restart it to
> have resolution working again.
Perhaps making reconnect_retrytime higher than reconnect_sleeptime will
fix some of these issues (probably use sleeptime 1). I think the
connection is broken (probably timed out) in all 5 worker threads and
because both values are the same only one try is done. This should mean
that 5 NSS requests should be enough to get nslcd running again (it
should recover the first time if retrytime is higher than sleeptime).
> I don't know if anyone already had such a problem in the past, but any
> help would be great. I can provide as many logs as you want if you
> need some and even do some beta testing.
If you can check that the development version fixes the first problem I
guess the second one shouldn't appear any more.
Thanks for reporting this.
--
-- arthur - arthur@arthurdejong.org - http://arthurdejong.org --
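
The log excerpt quoted in the message above, turned into a small outage summary for monitoring; this is an added example, not part of the original message or of nss-pam-ldapd. The sample lines are constructed from the quoted `nslcd -d` output with wrapped lines rejoined, and `summarize`, `stuck_servers` and the 300-second threshold are hypothetical names and values.

```python
import re
from collections import defaultdict

# Constructed sample in the nslcd -d output format quoted in the message
# (wrapped lines rejoined; hostname and thread ids as quoted there).
SAMPLE_LOG = """\
nslcd: [b71efb] no available LDAP server found
nslcd: [b71efb] DEBUG: not retrying server ldap://foobar.com.au/ which failed just 0 second(s) ago and has been failing for 1727 seconds
nslcd: [b71efb] no available LDAP server found
nslcd: [e2a9e3] DEBUG: connection from pid=29419 uid=0 gid=0
nslcd: [e2a9e3] ldap_search_ext() failed: Can't contact LDAP server
nslcd: [e2a9e3] DEBUG: ldap_unbind()
nslcd: [e2a9e3] no available LDAP server found
nslcd: [e2a9e3] DEBUG: not retrying server ldap://foobar.com.au/ which failed just 0 second(s) ago and has been failing for 3047 seconds
nslcd: [e2a9e3] no available LDAP server found
"""

LINE = re.compile(r"^nslcd: \[(?P<thread>[0-9a-f]+)\] (?:DEBUG: )?(?P<msg>.*)$")
NOT_RETRYING = re.compile(
    r"not retrying server (?P<uri>\S+) which failed just (?P<ago>\d+) "
    r"second\(s\) ago and has been failing for (?P<total>\d+) seconds")
NO_SERVER = "no available LDAP server found"

def summarize(log_text):
    """Return (longest outage per server URI, failed lookups per thread id)."""
    failing_for = defaultdict(int)     # server URI -> longest reported outage (s)
    failed_lookups = defaultdict(int)  # thread id -> lookups that found no server
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an nslcd line, or a wrapped fragment
        msg = m.group("msg")
        nr = NOT_RETRYING.search(msg)
        if nr:
            uri = nr.group("uri")
            failing_for[uri] = max(failing_for[uri], int(nr.group("total")))
        elif msg == NO_SERVER:
            failed_lookups[m.group("thread")] += 1
    return dict(failing_for), dict(failed_lookups)

def stuck_servers(log_text, threshold_s=300):
    """Servers nslcd has skipped for longer than threshold_s (hypothetical limit)."""
    failing_for, _ = summarize(log_text)
    return sorted(uri for uri, secs in failing_for.items() if secs > threshold_s)

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
    print(stuck_servers(SAMPLE_LOG))
```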