lists.arthurdejong.org
RSS feed

Re: nslcd: error reading from client: Success

[Date Prev][Date Next] [Thread Prev][Thread Next]

Re: nslcd: error reading from client: Success



On Fri, 2014-05-30 at 17:17 +0530, varun mittal wrote:
> We are seeing this nslcd error when clients are trying 'chown' over
> NFS shares.
> After searching over the net I cam across this :
> http://lists.arthurdejong.org/nss-pam-ldapd-users/2013/msg00002.html

You are seeing
  nslcd: error reading from client: Success
in the logs when the chown is issued? Is this on the NFS server or the
client?

The "error reading from client" should only be logged if there was some
problem reading a request for a name lookup. I think the "Success" part
should only be logged if the connection is closed by the client.

> So my queries are:
> 1. How to confirm that our issue is the same one ?

The easiest way to get more information is to run nslcd in debug mode to
see what is going on. Is the error easy to reproduce? Are there a lot of
lookups going on?

> 2. The link seems to suggest it's an application side issue and not an
> nss-pam-ldapd issue. Is that correct ? Can we get more details about
> the issue and the fix ?

The thread pointed out above was about nslcd not handling queries well
when it is overloaded.

Another issue that was mentioned in the thread was a fix for when a
large number of file descriptors are open. This should not affect nslcd
itself but could affect the NSS and PAM modules.

If there are applications with more than FD_SETSIZE (commonly 1024) file
open NSS lookups will fail (conceivably with the error message you're
seeing). The 0.8 version should handle such situations much better.

Other countermeasures that you can take on such systems is to run
(u)nscd. This is a good idea anyway on heavily loaded systems (if you
are not seeing issues with (u)nscd) as it avoids hitting the LDAP server
too often.

Another option is to increase the number of threads. This will reduce
the number of applications that are waiting on NSS lookups but may
increase the load on your LDAP server.

Hope this helps,

-- 
-- arthur - arthur@arthurdejong.org - http://arthurdejong.org/ --
-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/