Re: nslcd and ubuntu 10.04

[Christopher Wood <christopher_wood [at] pobox.com>]

Oh, you're a familiar face. ;)

I use:

idle_timelimit 30

If your sockets cross a firewall then you may also be seeing the firewall 
timing out on inactive sockets.

I found that in my environment, occasionally an ldap lookup would simply fail 
for no apparent reason. Every manual test succeeded, but intermittently 
automated tests would fail. I personally wrote it off to a gremlin that we have 
neither time nor personnel to chase, and banned nscd in case of cached negative 
result.

In my case with 0.7.13 I left it sitting on some lab hosts with the above 
idle_timelimit for a week and wasn't able to reproduce my prior issue.

On Thu, Sep 27, 2012 at 09:39:02AM -0400, Adam Wolfe wrote:
> Greetings,
> 
> I was curious if anyone had written a guide or had (successful)
> experience getting ldap over ssl/tls working on ubuntu 10.04 using
> nslcd/libnss-ldapd.
> 
> I'm having trouble where nslcd starts failing to connect to the ldap
> server after a few hours.  Restarting nslcd or simply "id"ing an
> ldap user fixes the issue temporarily.
> I've read that version 0.7.2 is known to be buggy, despite being the
> version in the ubuntu repos.  I've installed 0.7.13 from the ubuntu
> 10.10 repos, but I'm still seeing failed connections in syslog.
> Recently I've adjusted the idle_timelimit to 1sec in nslcd.conf.
> Seems steady so far, but it's only been a few minutes (failed
> connections typically start within 2min).
> 
> I have about 100 servers to migrate from 8.04 to 10.04 early next
> year.  So I'm looking for some advice/direction if anyone else has
> been in a similar situation and found a permanent fix.
> -- 
> To unsubscribe send an email to
> nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
> http://lists.arthurdejong.org/nss-pam-ldapd-users/
> 
-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/