Thanks Pat

Both clients and ldap servers are running on CentOS x86_64 5.4

nss_ldap-253-22.el5_4
nscd-2.5-42.el5_4.2

/etc/ldap.conf

bind_policy soft
timelimit 120
bind_timelimit 120
idle_timelimit 3600
pam_filter objectclass=posixAccount
base dc=fds,dc=com
pam_member_attribute uniquemember
uri ldap://ldap.fds.com:389/
tls_checkpeer yes
ssl start_tls
tls_cacertdir /etc/pki/tls/certs/
pam_password md5
tls_cacertfile /etc/pki/tls/certs/ca-bundle.crt

Server logs do not say much other than errors/audit/access. It looks like bind_policy soft results in the "Server is Unavailable" message. By changing to bind_policy hard, I get "nscd: nss_ldap: reconnected to LDAP server ldap://ldap.fds.com/ after 1 attempt". So that means the ldap connection times out at random intervals >1800 seconds. I found that there is a bug in

What is the appropriate timelimit for search/bind/idle? To give some idea, we roughly have ~300 users and 600 servers. Are there timeout settings in 389-ds?

A bug in a previous version of nscd: https://bugzilla.redhat.com/show_bug.cgi?id=429702

-P

On 12/30/09 6:00 PM, "patrick.morris@xxxxxx" <patrick.morris@xxxxxx> wrote:

> Prashanth Sundaram wrote:
>
>> I have two 389-ds servers with MMR via TLS and client hosts
>> authenticating via TLS. I see this error message in all client machines
>> in /var/log/messages. It seems nscd is failing at random intervals. Has
>> anyone seen this before?
>
>> Dec 29 10:35:35 dmc189 nscd: nss_ldap: could not search LDAP server - Server is unavailable
>> Dec 29 11:00:21 dmc189 nscd: nss_ldap: could not search LDAP server - Server is unavailable
>> Dec 29 11:12:15 dmc189 nscd: nss_ldap: could not search LDAP server - Server is unavailable
>
> Sure. It can be caused by several things: intermittent connectivity
> issues, server malfunctions (the server log's a good place to look for
> those), and several other possibilities.
>
> It could also be caused by problems with nss_ldap itself, especially
> given the ldap.conf you've provided. What version are you running,
> and on which platform?

--
389 users mailing list
389-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
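
The following Python example is added here and is not from either poster or from nss_ldap: it measures the interval between the nss_ldap failures quoted in the thread and compares each to the idle_timelimit in the posted ldap.conf. The function names and the year 2009 for the syslog timestamps (which carry no year) are assumptions.

```python
import re
from datetime import datetime

# Log lines quoted in the thread. Syslog stamps carry no year, so 2009
# (the date of the email) is assumed.
SAMPLE_LOG = """\
Dec 29 10:35:35 dmc189 nscd: nss_ldap: could not search LDAP server - Server is unavailable
Dec 29 11:00:21 dmc189 nscd: nss_ldap: could not search LDAP server - Server is unavailable
Dec 29 11:12:15 dmc189 nscd: nss_ldap: could not search LDAP server - Server is unavailable
"""
# Timeout settings copied from the /etc/ldap.conf posted in the thread.
SAMPLE_CONF = "bind_policy soft\ntimelimit 120\nbind_timelimit 120\nidle_timelimit 3600\n"

EVENT = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) nscd: nss_ldap: "
                   r"could not search LDAP server - Server is unavailable")

def parse_conf(text):
    """Return ldap.conf keyword -> value, skipping comments and blank lines."""
    conf = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            conf[parts[0].lower()] = parts[1].strip()
    return conf

def failure_gaps(log_text, year=2009):
    """Return {host: [seconds between consecutive failures]}."""
    stamps = {}
    for line in log_text.splitlines():
        m = EVENT.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            stamps.setdefault(m.group(2), []).append(ts)
    return {h: [int((b - a).total_seconds()) for a, b in zip(t, t[1:])]
            for h, t in stamps.items()}

def gaps_below_idle_limit(log_text, conf_text):
    """Gaps shorter than idle_timelimit. In such a gap the connection cannot
    have been idle for idle_timelimit seconds, so the client-side idle close
    had not yet fired when the search failed."""
    limit = int(parse_conf(conf_text).get("idle_timelimit", 0))
    return {h: [g for g in gaps if limit and g < limit]
            for h, gaps in failure_gaps(log_text).items()}

if __name__ == "__main__":
    print(failure_gaps(SAMPLE_LOG))
    print(gaps_below_idle_limit(SAMPLE_LOG, SAMPLE_CONF))
```
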