Re: no available LDAP server found
[Date Prev][Date Next] [Thread Prev][Thread Next]Re: no available LDAP server found
- From: Aurélien Requiem <aurelien.requiem [at] gmail.com>
- To: Arthur de Jong <arthur [at] arthurdejong.org>
- Cc: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: Re: no available LDAP server found
- Date: Thu, 9 Dec 2010 10:23:48 +1100
Hi
Thank you for the answer. In the mean time, I manage to create a "fix" or at least a patch to make things work.
The very basic thing done there is I check if the idle_limit has been reached and if so simply close the session regardless if there's any ongoing searches.
I've been testing this all night and this morning as well, and for now it seems to be working fine.
I came to that solution when I realized we never could enter in "myldap_session_check(): idle_timelimit reached".
Also, to reply on a specific point, I usually need more than 5 queries to get a reconnection.
I'll check out the dev branch and let yo know about the results.
Feel free to give me feedback on my patch.
Thank you
On Thu, Dec 9, 2010 at 9:54 AM, Arthur de Jong <arthur [at] arthurdejong.org> wrote:
On Tue, 2010-12-07 at 19:08 +1100, Aurélien Requiem wrote:The problem is that nslcd does not do anything when it is not performing
> 1 - the ldap idle issue:
> In the conf file, I have set the following parameters:
> bind_timelimit 15
> timelimit 30
> idle_timelimit 5
> reconnect_sleeptime 5
> reconnect_retrytime 5
>
> The idle time is set to 5 seconds. I've noticed if I start the service
> and perform one query, a connection is created (ok). I wait 10 second
> and perform another query. A second tcp connection is open and the
> first one is still as ESTABLISHED. I can do the same and get a total
> of 5 active tcp connection with none being closed after 5 seconds.
> In the code, there's a message like this "myldap_session_check():
> idle_timelimit reached" but I can't get it displayd with -d option.
LDAP operations. This means that it only checks whether a connection
should be closed when a request comes in. This is broken. The worker
threads should wake up once in a while and check if the connection
should be closed. This has just been implemented in the development
branch.
Perhaps making reconnect_retrytime higher than reconnect_sleeptime will
> 2 - the reconnection issue.
> Not sure why, but if the server is a bit "busy" it seems to be ok.
> Though, if my linux server is mostly idling, it starts to become a
> problem. I got messages like this one :
>
> nslcd: [b71efb] no available LDAP server found
> nslcd: [b71efb] DEBUG: myldap_search(base="CN=Users,DC=office,DC=loadedtech,DC=com,DC=au", filter="(&(objectClass=group)(memberUid=root))")
> nslcd: [b71efb] DEBUG: not retrying server ldap://foobar.com.au/ which failed just 0 second(s) ago and has been failing for 1727 seconds
> nslcd: [b71efb] no available LDAP server found
> nslcd: [e2a9e3] DEBUG: connection from pid=29419 uid=0 gid=0
> nslcd: [e2a9e3] DEBUG: nslcd_group_bymember(root)
> nslcd: [e2a9e3] DEBUG: myldap_search(base="CN=Users,DC=office,DC=loadedtech,DC=com,DC=au", filter="(&(objectClass=user)(uid=root))")
> nslcd: [e2a9e3] ldap_search_ext() failed: Can't contact LDAP server
> nslcd: [e2a9e3] DEBUG: ldap_unbind()
> nslcd: [e2a9e3] no available LDAP server found
> nslcd: [e2a9e3] DEBUG: myldap_search(base="CN=Users,DC=office,DC=loadedtech,DC=com,DC=au", filter="(&(objectClass=group)(memberUid=root))")
> nslcd: [e2a9e3] DEBUG: not retrying server ldap://foobar.com.au/ which failed just 0 second(s) ago and has been failing for 3047 seconds
> nslcd: [e2a9e3] no available LDAP server found
>
> And then, for some reasons (maybe when AD closes the TCP connection ?)
> nslcd seemd to be back online and starts to send queries again.
> Otherwise, I have to stop the daemon myself and then restart it to
> have resolution working again.
fix some of these issues (probably use sleeptime 1). I think the
connection is broken (probably timed out) in all 5 worker threads and
because both values are the same only one try is done. This should mean
that 5 NSS requests should be enough to get nslcd running again (it
should recover the first time if retrytime is higher than sleeptime).
If you can check that the development version fixes the first problem I
> I don't know if anyone already had such problem in the past, but any
> help would be great. I can provide as many logs as you want if you
> need some and even do some beta testings.
guess the second one shouldn't appear any more.
Thanks for reporting this.
--
-- arthur - arthur [at] arthurdejong.org - http://arthurdejong.org --
--
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe [at] lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users
Attachment:
ldap-disconect-reconnect.diff
Description: Binary data
-- To unsubscribe send an email to nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see http://lists.arthurdejong.org/nss-pam-ldapd-users
- no available LDAP server found,
Aurélien Requiem
- Re: no available LDAP server found,
Arthur de Jong
- Re: no available LDAP server found, Aurélien Requiem
- Re: no available LDAP server found,
Arthur de Jong
- Re: no available LDAP server found, Aurélien Requiem
- Re: no available LDAP server found,
Arthur de Jong
- Prev by Date: Re: no available LDAP server found
- Next by Date: Re: no available LDAP server found
- Previous by thread: Re: no available LDAP server found
- Next by thread: Re: no available LDAP server found