lists.arthurdejong.org
RSS feed

Re: nslcd Connection reset by peer

[Date Prev][Date Next] [Thread Prev][Thread Next]

Re: nslcd Connection reset by peer



On Mon, 2017-08-14 at 16:48 +0200, Hugo Deprez wrote:
> I ma using nslcd 0.9.4 on debian 8. My setup is working fine, but in
> my logs I can see some timeouts :
> 
> nslcd[1095]: [28ef39] error reading from client: Connection reset by peer
> 
> This happen on almost all of my server.
> 
> I don't know what cause this message to show up.
> Do you have any idea ? I would like to troubleshoot this but I don't
> really know where to start.

The messages seem to indicate that some process connects to nslcd but
closes the connection before the request can be read by nslcd.

This could be due to a timeout in the NSS or PAM module. The timeout
here is 10 seconds.

You should probably be able to solve this issue by increasing the
number of threads that nslcd uses and/or using (u)nscd to reduce the
number of lookups that nslcd has to perform.

If your LDAP searches are slow you could also see if adding indexes
server-side improves performance or perhaps tune your search filters to
return less entries (if your LDAP database is big).

Hope this helps,

-- 
-- arthur - arthur@arthurdejong.org - https://arthurdejong.org/ --
-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
https://lists.arthurdejong.org/nss-pam-ldapd-users/