Re: Syslog states ldap_result() failed: Can't contact LDAP server

[Arthur de Jong <arthur [at] arthurdejong.org>]

On Wed, 2011-03-16 at 14:36 +0000, Teichert, Robert wrote: 
> ich have the following issue:
> Installed nslcd on Ubuntu 10.10 with the dependent packets
> (libnss-ldapd libpam-ldapd auth-client-config ldap-auth-client
> ldap-auth-config nslcd)

Hi, which version of nss-pam-ldapd are you using?

I don't know about auth-client-config, ldap-auth-client and
ldap-auth-config. I don't think they are needed for nss-pam-ldapd.
Aren't those the Ubuntu packages meant to set up libnss-ldap and
libpam-ldap?

> The ldap authentication on that machine works fine until now. But from
> time to time there are some strange messages in syslog: 
> 
> Mar 16 14:58:31 myhost nslcd[16637]: [0e0f76] ldap_result() failed: Can't 
> contact LDAP server
> Mar 16 14:58:31 myhost nslcd[16637]: [52255a] ldap_result() failed: Can't 
> contact LDAP server
[...]
> Interesting point is, that i do NOT receive this message always, just
> when waiting some time between the requests.
> Also intersting is, that i receive the correct information from ldap,
> but syslog is filled with errors. 
> 
> my nslcd.conf:
> timelimit 30
> idle_timelimit 600

There was an issue with the idle_timelimit option not working correctly.
That should be fixed in 0.7.13 though.

It could be that the LDAP server is closing the connection after a
timeout (Microsoft Active Directory is known to do this). This will
confuse the LDAP client library so it is always better to specify
idle_timelimit on the client side).

If this does not provide a fix, perhaps you could post more details when
running nslcd in debug mode? It provides more details on what is going
on.

-- 
-- arthur - arthur@arthurdejong.org - http://arthurdejong.org --

-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users