
Re: [nssldap] No timeout for nss_ldap?

Thomas Kirchtag wrote:
> My problem is that, when using libnss_ldap (Debian 4.0/OpenLDAP 2.3.30)
> every failure in the network link results in blocking all machines.
...
> Using this setup everything seems to work perfectly. Simulating a
> network failure by changing URI ldaps://ldap.ipodion.at:636 to URI
> ldaps://xxxldap.ipodion.at:636 results in "getent passwd" displaying the
> local users and then hanging for a long time (I never waited long
> enough but at least 20 minutes).
> Any login attempts to that machine fail as well... i.e. hang
> indefinitely....
> 
> I cannot believe that I can't find a solution to this probably simple
> but serious problem.

Try changing your bind_policy; the default results in this never-ending
attempt to connect.

# Reconnect policy:
#  hard_open: reconnect to DSA with exponential backoff if
#             opening connection failed
#  hard_init: reconnect to DSA with exponential backoff if
#             initializing connection failed
#  hard:      alias for hard_open
#  soft:      return immediately on server failure
bind_policy soft

-- 
Jamin W. Collins
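
Added example (not part of the original message, and not nss_ldap's own code): a shell check that reports whether an nss_ldap configuration file sets bind_policy soft, treating a missing setting as the default retrying behaviour described in the reply. Case-insensitive matching of the key and value is an assumption, and the sample configuration is constructed.

```shell
#!/bin/sh
# bind_policy_status FILE
# Prints one of:
#   soft      - every active bind_policy line says "soft"
#   blocking  - an active line selects hard, hard_open or hard_init
#   default   - no active bind_policy line, so the default (retrying)
#               policy from the reply above applies
#   unknown   - an active line has a value not listed in the reply
#   unreadable - FILE cannot be read
# Returns 0 only for "soft", so it can gate a deployment check.
bind_policy_status() {
    conf=$1
    [ -r "$conf" ] || { echo "unreadable"; return 2; }
    result=$(awk '
        /^[ \t]*#/ { next }                    # skip comment lines
        tolower($1) == "bind_policy" {         # assumption: case-insensitive
            seen = 1
            v = tolower($2)
            if (v == "hard" || v == "hard_open" || v == "hard_init")
                blocking = 1
            else if (v != "soft")
                unknown = 1
        }
        END {
            # Duplicate lines are judged pessimistically: one hard
            # value anywhere is enough to report "blocking".
            if (!seen)         print "default"
            else if (blocking) print "blocking"
            else if (unknown)  print "unknown"
            else               print "soft"
        }' "$conf")
    echo "$result"
    [ "$result" = "soft" ]
}

# Demo on a constructed sample (not a real host's configuration).
sample=$(mktemp)
cat > "$sample" <<'EOF'
uri ldaps://ldap.example.org:636
# bind_policy soft
bind_policy hard
EOF
printf 'sample config: %s\n' "$(bind_policy_status "$sample")"   # blocking
rm -f "$sample"
```
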