Re: nslcd and ubuntu 10.04

[Date Prev][Date Next] [Thread Prev][Thread Next]

From: Christopher Wood <christopher_wood [at] pobox.com>
To: nss-pam-ldapd-users [at] lists.arthurdejong.org
Subject: Re: nslcd and ubuntu 10.04
Date: Thu, 27 Sep 2012 10:41:03 -0400

I used reprepro to create a private apt repository for things like this. 
Apt-get will automatically install the latest version after your next apt-get 
upgrade. This sort of thing:

reprepro includedeb distname /path/to/deb 

This all gets managed using puppet, so it wasn't any trouble for me to add 
another apt source to everything.

On Thu, Sep 27, 2012 at 10:36:27AM -0400, Adam Wolfe wrote:
> Hah.  Thanks again, Christopher.  I appreciate the help.  Seems like
> a 0.7.13 with an adjusted idle_timelimit is the way to go so far.
> You happen to know if there's an easy way to package this for 10.04?
> I'm thinking about simply copying the .debs to my local apt-mirror,
> maybe even replacing the current ones for 0.7.2, might be easiest.
> 
> 
> On 09/27/2012 10:21 AM, Christopher Wood wrote:
> >Oh, you're a familiar face. ;)
> >
> >I use:
> >
> >idle_timelimit 30
> >
> >If your sockets cross a firewall then you may also be seeing the firewall 
> >timing out on inactive sockets.
> >
> >I found that in my environment, occasionally an ldap lookup would simply 
> >fail for no apparent reason. Every manual test succeeded, but intermittently 
> >automated tests would fail. I personally wrote it off to a gremlin that we 
> >have neither time nor personnel to chase, and banned nscd in case of cached 
> >negative result.
> >
> >In my case with 0.7.13 I left it sitting on some lab hosts with the above 
> >idle_timelimit for a week and wasn't able to reproduce my prior issue.
> >
> >On Thu, Sep 27, 2012 at 09:39:02AM -0400, Adam Wolfe wrote:
> >>Greetings,
> >>
> >>I was curious if anyone had written a guide or had (successful)
> >>experience getting ldap over ssl/tls working on ubuntu 10.04 using
> >>nslcd/libnss-ldapd.
> >>
> >>I'm having trouble where nslcd starts failing to connect to the ldap
> >>server after a few hours.  Restarting nslcd or simply "id"ing an
> >>ldap user fixes the issue temporarily.
> >>I've read that version 0.7.2 is known to be buggy, despite being the
> >>version in the ubuntu repos.  I've installed 0.7.13 from the ubuntu
> >>10.10 repos, but I'm still seeing failed connections in syslog.
> >>Recently I've adjusted the idle_timelimit to 1sec in nslcd.conf.
> >>Seems steady so far, but it's only been a few minutes (failed
> >>connections typically start within 2min).
> >>
> >>I have about 100 servers to migrate from 8.04 to 10.04 early next
> >>year.  So I'm looking for some advice/direction if anyone else has
> >>been in a similar situation and found a permanent fix.
> >>-- 
> >>To unsubscribe send an email to
> >>nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
> >>http://lists.arthurdejong.org/nss-pam-ldapd-users/
> >>
> 
> -- 
> To unsubscribe send an email to
> nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
> http://lists.arthurdejong.org/nss-pam-ldapd-users/
> 
-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/

nslcd and ubuntu 10.04, Adam Wolfe
- Re: nslcd and ubuntu 10.04, Christopher Wood
  - Re: nslcd and ubuntu 10.04, Adam Wolfe
    - Re: nslcd and ubuntu 10.04, Christopher Wood

Prev by Date: Re: nslcd and ubuntu 10.04
Next by Date: Re: nslcd and ubuntu 10.04
Previous by thread: Re: nslcd and ubuntu 10.04
Next by thread: Re: nslcd and ubuntu 10.04