lists.arthurdejong.org
RSS feed

RE: [nssldap] Looking for support on nss_ldap issue

[Date Prev][Date Next] [Thread Prev][Thread Next]

RE: [nssldap] Looking for support on nss_ldap issue



It is a large patch but you might get better results if you try the patches I 
have recently released for nss_Ldap 265. They include a complete rewrite of the 
connect/reconnect code that is designed to honor the timeouts properly.
 
If you have trouble building this I can send you a Fedora 11 spec file which 
may give you a good starting point.
 
Regards, Howard
 
Coherent Technology Limited, 23 Northampton Square, Finsbury, London EC1V 0HL, 
United Kingdom
Telephone: +44 20 7690 7075 Mobile: +44 7980 639379
Company Email: coherent@cohtech.com Website: http://www.cohtech.com 
<http://www.cohtech.com/>  

________________________________

From: owner-nssldap@padl.com on behalf of Douglas E. Engert
Sent: Thu 2009-11-19 21:03
To: nssldap@evilbrain.com
Cc: nssldap@padl.com
Subject: Re: [nssldap] Looking for support on nss_ldap issue





nssldap@evilbrain.com wrote:
> On Tue, 17 Nov 2009, Douglas E. Engert wrote:
>> I don't have a CentOS system but we ran into issues with lost connections
>> and TLS. This sounds a lot like:
>>
>> BUG #392: call do_close() if ldap_result() or ldap_parse_result()
>>          fails (before returning NSS_UNAVAIL)
>>
>> and not having a timelimit set.
>>
>> Fixes for these are in nss_ldap-265 announced on 11/6/2009
>>
>> You may want to try using this newer version, if only to see if it fixes
>> your problem even if CentOS does not have this version yet.
>>
>> Since this looks like issues with timeouts
>> You may also want to set:
>>
>> idle_timelimit 20
>> timelimit 30
>>
>> Good luck.
>
> Thanks!  I have attached a document.
>
> I downloaded the source for that version that you describe and built it
> into packages for my CentOS machines.  I tried it out, but I still
> encounter the timeout related failure.  I added the following lines to
> ldap.conf but to no avail:
>
> bind_timelimit          5
> idle_timelimit 5
> timelimit 5
>
> My LDAP servers are local and are not stressed, so I figured a low
> timeout would be acceptable.
>
> The server that I hit with SIGSTOP that is detailed in the debug output
> was ldap1.management.example.com .
>
> Any additional help would be appreciated, thanks again!

I am no ldap expert, hopefully someone from Padl will respond.

But if you have all the timeouts set on the client, why
does this line near the end say infinite timeout?

wait4msg ld 0x55556e6dde40 msgid 1 (infinite timeout)

>
>>
>> --
>>
>> Douglas E. Engert  <DEEngert@anl.gov>
>> Argonne National Laboratory
>> 9700 South Cass Avenue
>> Argonne, Illinois  60439
>> (630) 252-5444
>>

--

  Douglas E. Engert  <DEEngert@anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444