lists.arthurdejong.org

Re: nslcd and ubuntu 10.04




Hah. Thanks again, Christopher. I appreciate the help. Seems like a 0.7.13 with an adjusted idle_timelimit is the way to go so far. You happen to know if there's an easy way to package this for 10.04? I'm thinking about simply copying the .debs to my local apt-mirror, maybe even replacing the current ones for 0.7.2, might be easiest.


On 09/27/2012 10:21 AM, Christopher Wood wrote:
Oh, you're a familiar face. ;)

I use:

idle_timelimit 30

If your sockets cross a firewall then you may also be seeing the firewall 
timing out on inactive sockets.

I found that in my environment, occasionally an ldap lookup would simply fail 
for no apparent reason. Every manual test succeeded, but intermittently 
automated tests would fail. I personally wrote it off to a gremlin that we have 
neither time nor personnel to chase, and banned nscd in case of cached negative 
result.

In my case with 0.7.13 I left it sitting on some lab hosts with the above 
idle_timelimit for a week and wasn't able to reproduce my prior issue.

On Thu, Sep 27, 2012 at 09:39:02AM -0400, Adam Wolfe wrote:
Greetings,

I was curious if anyone had written a guide or had (successful)
experience getting ldap over ssl/tls working on ubuntu 10.04 using
nslcd/libnss-ldapd.

I'm having trouble where nslcd starts failing to connect to the ldap
server after a few hours.  Restarting nslcd or simply "id"ing an
ldap user fixes the issue temporarily.
I've read that version 0.7.2 is known to be buggy, despite being the
version in the ubuntu repos.  I've installed 0.7.13 from the ubuntu
10.10 repos, but I'm still seeing failed connections in syslog.
Recently I've adjusted the idle_timelimit to 1 sec in nslcd.conf.
Seems steady so far, but it's only been a few minutes (failed
connections typically start within 2min).

I have about 100 servers to migrate from 8.04 to 10.04 early next
year.  So I'm looking for some advice/direction if anyone else has
been in a similar situation and found a permanent fix.
--
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/

