lists.arthurdejong.org
RSS feed

RE: [nssldap] Looking for support on nss_ldap issue

[Date Prev][Date Next] [Thread Prev][Thread Next]

RE: [nssldap] Looking for support on nss_ldap issue

You need to look in to the bugzilla for nss_ldap.
 
Try http://bugzilla.padl.com/show_bug.cgi?id=412 to get access to the files. 
You will need to run autoreconf after applying the patches, before running the 
configure. I would suggest you turn on the keytab options for kerberos but 
unless you are using kerberos authentication to the ldap servers then this is a 
choice.
 
Regards, Howard.
 
Coherent Technology Limited, 23 Northampton Square, Finsbury, London EC1V 0HL, 
United Kingdom
Telephone: +44 20 7690 7075 Mobile: +44 7980 639379
Company Email: coherent@cohtech.com Website: http://www.cohtech.com 
<http://www.cohtech.com/>  

________________________________

From: nssldap@evilbrain.com [nssldap [at] evilbrain.com]
Sent: Fri 2009-11-20 17:35
To: Howard Wilkinson
Subject: RE: [nssldap] Looking for support on nss_ldap issue



Thanks!  What's the URL for the patches to apply against the 265 codebase?
I have already built a spec file based upon the most recent 25x SRPM spec
file made for CentOS 5.x.

On Fri, 20 Nov 2009, Howard Wilkinson wrote:

> Date: Fri, 20 Nov 2009 16:47:51 -0000
> From: Howard Wilkinson <howard@cohtech.com>
> To: nssldap@padl.com
> Subject: RE: [nssldap] Looking for support on nss_ldap issue
>
> It is a large patch but you might get better results if you try the patches I 
> have recently released for nss_Ldap 265. They include a complete rewrite of 
> the connect/reconnect code that is designed to honor the timeouts properly.
>
> If you have trouble building this I can send you a Fedora 11 spec file which 
> may give you a good starting point.
>
> Regards, Howard
>
> Coherent Technology Limited, 23 Northampton Square, Finsbury, London EC1V 
> 0HL, United Kingdom
> Telephone: +44 20 7690 7075 Mobile: +44 7980 639379
> Company Email: coherent@cohtech.com Website: http://www.cohtech.com 
> <http://www.cohtech.com/>  <http://www.cohtech.com/>
>
> ________________________________
>
> From: owner-nssldap@padl.com on behalf of Douglas E. Engert
> Sent: Thu 2009-11-19 21:03
> To: nssldap@evilbrain.com
> Cc: nssldap@padl.com
> Subject: Re: [nssldap] Looking for support on nss_ldap issue
>
>
>
>
>
> nssldap@evilbrain.com wrote:
>> On Tue, 17 Nov 2009, Douglas E. Engert wrote:
>>> I don't have a CentOS system but we ran into issues with lost connections
>>> and TLS. This sounds a lot like:
>>>
>>> BUG #392: call do_close() if ldap_result() or ldap_parse_result()
>>>          fails (before returning NSS_UNAVAIL)
>>>
>>> and not having a timelimit set.
>>>
>>> Fixes for these are in nss_ldap-265 announced on 11/6/2009
>>>
>>> You may want to try using this newer version, if only to see if it fixes
>>> your problem even if CentOS does not have this version yet.
>>>
>>> Since this looks like issues with timeouts
>>> You may also want to set:
>>>
>>> idle_timelimit 20
>>> timelimit 30
>>>
>>> Good luck.
>>
>> Thanks!  I have attached a document.
>>
>> I downloaded the source for that version that you describe and built it
>> into packages for my CentOS machines.  I tried it out, but I still
>> encounter the timeout related failure.  I added the following lines to
>> ldap.conf but to no avail:
>>
>> bind_timelimit          5
>> idle_timelimit 5
>> timelimit 5
>>
>> My LDAP servers are local and are not stressed, so I figured a low
>> timeout would be acceptable.
>>
>> The server that I hit with SIGSTOP that is detailed in the debug output
>> was ldap1.management.example.com .
>>
>> Any additional help would be appreciated, thanks again!
>
> I am no ldap expert, hopefully someone from Padl will respond.
>
> But if you have all the timeouts set on the client, why
> does this line near the end say infinite timeout?
>
> wait4msg ld 0x55556e6dde40 msgid 1 (infinite timeout)
>
>>
>>>
>>> --
>>>
>>> Douglas E. Engert  <DEEngert@anl.gov>
>>> Argonne National Laboratory
>>> 9700 South Cass Avenue
>>> Argonne, Illinois  60439
>>> (630) 252-5444
>>>
>
> --
>
>  Douglas E. Engert  <DEEngert@anl.gov>
>  Argonne National Laboratory
>  9700 South Cass Avenue
>  Argonne, Illinois  60439
>  (630) 252-5444
>
>