lists.arthurdejong.org
RSS feed

Re: Syslog states ldap_result() failed: Can't contact LDAP server

[Date Prev][Date Next] [Thread Prev][Thread Next]

Re: Syslog states ldap_result() failed: Can't contact LDAP server



On Fri, 2011-03-18 at 05:51 +0000, Teichert, Robert wrote:
> > Hi, which version of nss-pam-ldapd are you using?
> 
> dpkg -l | grep -e libpam-ldapd -e libnss-ldapd -e nslcd
> ii  libnss-ldapd                  0.7.6                             NSS 
> module for using LDAP as a naming service
> ii  libpam-ldapd                 0.7.6                             PAM module 
> for using LDAP as an authentication service
> ii  nslcd                            0.7.6                             Daemon 
> for NSS and PAM lookups using LDAP

There were several fixes related to timing and reconnect logic since
that release.

> > There was an issue with the idle_timelimit option not working correctly.
> > That should be fixed in 0.7.13 though.
> 
> 0.7.13 isn't in the ubuntu repositories until now :( are there any
> precompiled x64 deb binaries?

You could try the packages from Debian:
  http://packages.debian.org/src:nss-pam-ldapd

Also, you could try building the packages from source in Ubuntu. The
source tarball contains a debian directory that is used in Debian to
build the packages.

Failing that, I think the best you can do is file a bugreport with
Ubuntu.

> > If this does not provide a fix, perhaps you could post more details when 
> > running nslcd in debug mode? It provides more details on what is going on.
> Here the debug output:
> 
> Seperated by blank lines:
> part 1: startup
> part 2: getent passwd teichert
> part 3: id teichert
> part 4: shutdown

Was there a lot of time between part 2 and 3? Only the sixt request to
the LDAP server failed (this was most likely using the connection that
was user for the first lookup) so it could be that the LDAP server
closed the connection (perhaps the timelimit is used).

The "error writing to client: Broken pipe" are most likely the result of
the NSS library re-trying to read the group with a larger buffer (the
group with id 64969 is probably very large).

-- 
-- arthur - arthur@arthurdejong.org - http://arthurdejong.org --
-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users