
Re: [nssldap] No timeout for nss_ldap?




Buchan Milne wrote, on 03-01-2008 14:23:

Just so I know what awaits me - could you give me examples of which
services will break if I set bind_policy to soft?
Actually, it's setting it to hard which breaks things. That's what I was
trying to repair in the content of my first mispost.

So why should it be set to hard anyway? When soft works for reboots?
Because soft never makes nss_ldap retries on a bind failure. Say that
you have a primary and a failover URI in ldap.conf, as we have on our 2
k12ltsp (Linux Terminal Server Project) servers:

uri ldap://192.168.1.25/ ldap://192.168.0.253/

For some reason 192.168.1.25 can't be contacted, nss_ldap should
failover to 192.168.0.253. But it won't with bind_policy soft.

Do you have proof of this ? Because I can't reproduce it.

[...]

With bind_policy soft:

Nov 25 06:43:42 opera verynice: nss_ldap: could not search LDAP server - Server is unavailable
Nov 26 09:27:42 opera gdm[19570]: nss_ldap: could not search LDAP server - Server is unavailable
Nov 26 09:27:42 opera gdm[4093]: gdm_child_action: Aborting display ws039.leerlingen:0
Nov 26 09:39:42 opera firefox-bin: nss_ldap: could not search LDAP server - Server is unavailable
Nov 26 09:46:03 opera soffice.bin: nss_ldap: could not search LDAP server - Server is unavailable

[...]

With bind_policy hard_init (i.e. commented out):

Dec 21 11:25:30 opera soffice.bin: nss_ldap: reconnected to LDAP server ldap://192.168.1.25/ after 1 attempt
Dec 21 11:25:32 opera gdm[4801]: nss_ldap: reconnected to LDAP server ldap://192.168.1.25/ after 1 attempt
Dec 21 11:25:32 opera gconfd (dng-5168): Received signal 15, shutting down cleanly
Dec 21 11:25:32 opera gconfd (dng-5168): Exiting
Dec 21 11:32:22 opera gconfd (mhoekstra-4931): Exiting
Dec 21 11:32:22 opera gdm[2516]: nss_ldap: reconnected to LDAP server ldap://192.168.1.25/ after 1 attempt
Dec 21 11:36:26 opera gconfd (dklumper-4343): Exiting
Dec 21 11:36:26 opera gdm[4208]: nss_ldap: reconnected to LDAP server ldap://192.168.1.25/ after 1 attempt

As the only OpenLDAP bod at the school I can assure you I spent enough time listening to anguishings from my non-OL colleague demanding to know the reason and what I was doing about it ... I finally found the answer by Googling, which we're all supposed not to do ;)

(This is Mandriva 2008.0 x86_64, where nss_ldap has been patched - by me - to use soft by default - I don't have a RHEL5 handy that I can test with at present, but bind_policy soft hasn't given any problems that I've noticed on our few RHEL5 servers).

This is RHEL5.1 with one Buchan Milne's OL 2.3.38 stuff and which has now gone over to ppolicy, fiddling about with which gave rise (in part) to the above: "IT WASN'T DOING THIS LAST WEEK, WHY IS IT DOING IT NOW?" Etc, etc.

I'm now trying gradually to put nss-ldapd in place instead of Red Hat's $DEITY-awful nss_ldap, but it seems it has a bug with large Posix groups at the moment (our largest has about 900+ memberUids).

Best and a really fine 2008 to you and everyone,

--Tonni

--
Tony Earnshaw
Email: tonni at hetnet dot nl
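
An added example, not part of the original message: a small Python triage script for the two nss_ldap syslog message forms quoted above, counting lookup failures per program and reconnects per server URI. The sample lines are copied from the excerpts in the message; the function and variable names are this example's own.

```python
import re
from collections import Counter

# Sample lines copied from the log excerpts quoted in the message above.
SAMPLE = """\
Nov 26 09:27:42 opera gdm[19570]: nss_ldap: could not search LDAP server - Server is unavailable
Nov 26 09:27:42 opera gdm[4093]: gdm_child_action: Aborting display ws039.leerlingen:0
Nov 26 09:39:42 opera firefox-bin: nss_ldap: could not search LDAP server - Server is unavailable
Dec 21 11:25:30 opera soffice.bin: nss_ldap: reconnected to LDAP server ldap://192.168.1.25/ after 1 attempt
Dec 21 11:25:32 opera gconfd (dng-5168): Exiting
Dec 21 11:32:22 opera gdm[2516]: nss_ldap: reconnected to LDAP server ldap://192.168.1.25/ after 1 attempt
"""

# syslog prefix: "Mon DD HH:MM:SS host program[pid]: nss_ldap: message"
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<prog>[^\[:]+?)(?:\[(?P<pid>\d+)\])?: nss_ldap: (?P<msg>.*)$"
)
RECONNECT = re.compile(r"reconnected to LDAP server (?P<uri>\S+) after (?P<n>\d+) attempts?")
FAILED = "could not search LDAP server"


def summarize(text):
    """Return (failures per program, reconnects per URI, max attempts seen)."""
    failures, reconnects, max_attempts = Counter(), Counter(), 0
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not an nss_ldap message (e.g. gconfd, gdm_child_action)
        msg = m.group("msg")
        r = RECONNECT.search(msg)
        if r:
            reconnects[r.group("uri")] += 1
            max_attempts = max(max_attempts, int(r.group("n")))
        elif msg.startswith(FAILED):
            failures[m.group("prog")] += 1
    return failures, reconnects, max_attempts


if __name__ == "__main__":
    failures, reconnects, max_attempts = summarize(SAMPLE)
    print("lookup failures by program:", dict(failures))
    print("reconnects by server URI:", dict(reconnects))
    print("highest attempt count:", max_attempts)
```

Grouping reconnects by URI shows which entry of the `uri` list each client actually came back on; in the excerpt above every reconnect is to ldap://192.168.1.25/.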