Re: [nssldap] No timeout for nss_ldap?
- From: "Jamin W. Collins" <jcollins [at] asgardsrealm.net>
- To: Thomas Kirchtag <tkircht [at] ipodion.at>
- Cc: nssldap [at] padl.com
- Subject: Re: [nssldap] No timeout for nss_ldap?
- Date: Wed, 02 Jan 2008 06:20:50 -0500
Thomas Kirchtag wrote:
> My problem is that, when using libnss_ldap (Debian 4.0/OpenLDAP 2.3.30)
> every failure in the network link results in blocking all machines.
...
> Using this setup everything seems to work perfectly. Simulating a
> network failure by changing URI ldaps://ldap.ipodion.at:636 to URI
> ldaps://xxxldap.ipodion.at:636 results in "getent passwd" displaying the
> local users and then hanging for a long time (I never waited long
> enough but at least 20 minutes).
> Any login attempts to that machine fail as well... i.e. hang
> indefinitely....
>
> I cannot believe that I can't find a solution to this probably simple
> but serious problem.
Try changing your bind_policy, the default results in this never-ending
attempt to connect.
# Reconnect policy:
# hard_open: reconnect to DSA with exponential backoff if
# opening connection failed
# hard_init: reconnect to DSA with exponential backoff if
# initializing connection failed
# hard: alias for hard_open
# soft: return immediately on server failure
bind_policy soft
--
Jamin W. Collins
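
Added example, not part of the original message: a shell check that reports which bind_policy an nss_ldap configuration file actually sets, so hosts that would block on an unreachable server can be found before an outage. The function names and the sample config are constructed for illustration; keywords and values are matched exactly as spelled in the comments quoted above, and anything else is flagged for manual review.

```shell
#!/bin/sh
# Added example: audit the bind_policy setting of nss_ldap config files.

# Prints: soft | hard_open | hard_init | unset | conflict | invalid:<value>
# Reads the file named in $1, or standard input when no file is given.
bind_policy_of() {
    awk '
        $1 ~ /^#/ { next }                     # ignore comment lines
        $1 == "bind_policy" {
            v = $2
            if (v == "hard") { v = "hard_open" }   # alias, per the config comments
            if (v != "soft" && v != "hard_open" && v != "hard_init") {
                v = "invalid:" $2
            }
            if (seen && v != val) { conflict = 1 } # two lines that disagree
            val = v; seen = 1
        }
        END {
            if (!seen)         print "unset"
            else if (conflict) print "conflict"
            else               print val
        }
    ' "${1:--}"
}

# True only for "soft", the one policy that returns immediately on failure.
fails_fast() { [ "$(bind_policy_of "$1")" = "soft" ]; }

# Constructed sample: the directive is commented out, so nothing is set and
# the default applies (which, per the reply above, keeps retrying).
sample_config() {
    cat <<'EOF'
uri ldaps://ldap.example.org:636
#bind_policy soft
EOF
}

if [ "$#" -eq 0 ]; then
    printf 'sample: bind_policy=%s\n' "$(sample_config | bind_policy_of)"
else
    for f in "$@"; do
        if fails_fast "$f"; then status=ok; else status=REVIEW; fi
        printf '%s: bind_policy=%s [%s]\n' "$f" "$(bind_policy_of "$f")" "$status"
    done
fi
```

Pass one or more config file paths as arguments; every file whose result is not soft is marked REVIEW.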