lists.arthurdejong.org
RSS feed

Re: ldap_result() failed: Can't contact LDAP server (AGAIN)

[Date Prev][Date Next] [Thread Prev][Thread Next]

Re: ldap_result() failed: Can't contact LDAP server (AGAIN)



On Fri, Jan 27, 2012 at 04:56:21PM -0800, Charlie Wyse wrote:
>    I saw the thread around March of 11.  But from reading over it, it looked
>    like the issue was never resolved.
>     (http://lists.arthurdejong.org/nss-pam-ldapd-users/2011/msg00049.html)
>    Since we have moved to RHEL6.  We are noticing these errors very often on
>    all of our systems.  However as others have reported.  Everything appears
>    to work fine, so it looks like it's just a little to verbose.  Is there a
>    way to limit verbosity so we don't see this message, or any solutions that
>    actually just fix this issue?
>    One of our developers said this is caused by ldap recieving the timeout,
>    then displaying this message before reconnecting instead of just
>    reconnecting and if that fails, displaying this message.  However I tried
>    to look through the nss-pam source and I couldn't really see this error
>    message in the code, making me believe it's another library that's making
>    the call?
>    Anyhow, we have a ticket with Red Hat to help resolve this but I wanted to
>    also speak directly to the list to see if there is more information, ie.
>    It's based on the fact that we use SUN Netscape ldap vs. openldap.  Or if
>    anyone has found a magic idle_timelimit setting, or version of openldap
>    libraries that will make this work?  I tried the latest version of
>    nss-pam-ldapd and I notcied it's still there.  It's hard for us to get
>    signoff to push RHEL6 out when the messages are just filled with the same
>    thing over and over.  It looks like we get 4 messages every time someone
>    uses sudo after 5 minutes,  Then just a few messages every 10 minutes or
>    so.  I've adjusted every timelimit option I could find in nslcd but it
>    just doesn't go away.  Any help would be appreciated.

Hello,

which exact version are you running on RHEL6?  A fix to make idle_timelimit
work was backported to nss-pam-ldapd-0.7.5-14.el6_2.1

If you are running that version, I think that the debug output (nslcd
-d) would be a great place to start.
-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/