Re: [nssldap] client timeout

[Eric Ritchie <eritchie [at] interactivebrokers.com>]

I'm using LDAP for passwd, group, automap and netgroup functions, it is 
a replacement for NIS. When the OS is using LDAP for these functions, 
such as id or finger, it uses /lib/libnss_ldap.so and the /etc/ldap.conf 
file. When I run any of the ldap commands, such as ldapsearch, it uses 
/usr/lib/libldap and /etc/openldap/ldap.conf. I'm more concerned with 
the OS hanging when it tries to perform an LDAP lookup than ldapsearch 
hanging. So I would need a newer libnss_ldap to take advantage of new 
OpenLDAP features.

Thanks

Eric

Howard Chu wrote:
> Eric Ritchie wrote:
> > I'm having an issue with client response when a server fails. This may
> > be the same issue discussed in the thread "No timeout for nss ldap". I
> > have 3 servers running openldap 2.3.39. I have several Redhat 4 clients.
> > I configured the uri line with the 3 servers on each client:
> > uri ldap://1.2.3.4 ldap://1.2.3.5 ldap://1.2.3.6
> >
> > If I go to the first ldap server and stop slapd, there is no noticeable
> > effect on the clients. If I shut down the server, or disable the
> > network, the clients will hang. I have experimented with bind_timelimit
> > and bind_policy. Changing the bind_policy did not seem to have any
> > effect. Setting the bind_timelimit to 1 and running nscd seem to help
> > clients the most. Is there any way I can configure the clients to better
> > handle an LDAP server shutdown?
>
> Upgrade to OpenLDAP 2.4; the ldap.conf syntax has been extended to 
> allow you to configure connection timeouts.

--
Eric Ritchie
Interactive Brokers LLC
203-618-5868