Check your idle timelimit on slapd and then try to set the nss_ldap directive *idle_timelimit* to a value lower than it. It should work.
Let me know

Marco

On Tue, Apr 5, 2011 at 4:51 PM, c0re <[email protected]> wrote:

> /usr/local/etc/ldap.conf
> ....
> timelimit 10
> bind_timelimit 5
> bind_policy soft
> ....
>
> 2011/4/5 Marco Pizzoli <[email protected]>
>
>>
>> On 5 Apr 2011 16:11, "c0re" <[email protected]> wrote:
>> >
>> > nss_ldap.conf:
>> >
>> > timelimit 10
>> > bind_timelimit 5
>> > bind_policy soft
>> > nss_connect_policy oneshot
>> >
>> > I think every mail that comes through my mail relay asks openldap about nss... How can I work around this?
>> >
>> > 2011/4/5 Marco Pizzoli <[email protected]>
>> >>
>> >> ---------- Forwarded message ----------
>> >> From: "Marco Pizzoli" <[email protected]>
>> >> Date: 5 Apr 2011 14:29
>> >> Subject: Re: Tuning openldap, nss_ldap and pam_ldap
>> >> To: "c0re" <[email protected]>
>> >>
>> >> Hi,
>> >> If it was the same problem that I had some time ago, it was due to idle connections that I told slapd to close after x seconds.
>> >> Check yours, and eventually set a keep alive parameter on your client, nss_ldap.
>> >>
>> >> Regards
>> >> Marco
>> >>
>> >> On 5 Apr 2011 13:44, "c0re" <[email protected]> wrote:
>> >> >
>> >> > Hello openldap users!
>> >> >
>> >> > I've got Openldap 2.4.23 that is used as authentication and authorization server for about 40-50 servers.
>> >> > OS - FreeBSD 8.1.
>> >> >
>> >> > It's not heavily loaded.
>> >> >
>> >> > openldap# top -SP
>> >> > last pid: 45647;  load averages: 0.15, 0.15, 0.07    up 81+22:29:21 15:18:57
>> >> > 99 processes: 3 running, 80 sleeping, 16 waiting
>> >> > CPU 0: 0.7% user, 0.0% nice, 0.0% system, 0.0% interrupt, 99.3% idle
>> >> > CPU 1: 0.4% user, 0.0% nice, 0.7% system, 0.0% interrupt, 98.9% idle
>> >> > Mem: 79M Active, 1402M Inact, 379M Wired, 84M Cache, 213M Buf, 31M Free
>> >> > Swap: 4060M Total, 8K Used, 4060M Free
>> >> >
>> >> >  PID USERNAME THR PRI NICE  SIZE    RES STATE C   TIME    WCPU COMMAND
>> >> >   11 root       2 171 ki31    0K    32K CPU0  0 3874.8 200.00% idle
>> >> > 4773 ldap      18  44    0  398M 53748K ucond 1  41.1H   0.00% slapd
>> >> >
>> >> > But on my servers sometimes I see in logs something like
>> >> >
>> >> > on FTP-server:
>> >> > Mar 25 21:55:32 someftp ftpd: nss_ldap: could not search LDAP server - Server is unavailable
>> >> >
>> >> > Authentication works fine, no problems. But want to find out what can be wrong.
>> >> >
>> >> > To understand this problem I installed ldap-stats utility and made it run:
>> >> >
>> >> > /var/log/debug.log - it's half day openldap server usage log.
>> >> >
>> >> > openldap# ldap-stats -c 1000 /var/log/debug.log
>> >> >
>> >> >
>> >> > Report Generated on Tue Apr 5 15:16:47 2011
>> >> > --------------------------------------------
>> >> > Processed "/var/log/debug.log": Apr 5 00:00:00 - Apr 5 15:17:33
>> >> >
>> >> >
>> >> > Operation totals
>> >> > ----------------
>> >> > Total operations              : 913845
>> >> > Total connections             : 101226
>> >> > Total authentication failures : 2
>> >> > Total binds                   : 99700
>> >> > Total unbinds                 : 99181
>> >> > Total searches                : 714964
>> >> > Total compares                : 7
>> >> > Total modifications           : 0
>> >> > Total modrdns                 : 0
>> >> > Total additions               : 0
>> >> > Total deletions               : 0
>> >> > Unindexed attribute requests  : 0
>> >> > Operations per connection     : 9.03
>> >> >
>> >> >
>> >> > # Uses      Filter
>> >> > ----------  -----------------------------------------------------------
>> >> > 615504      (&(objectClass=posixAccount)(uid=mailer-daemon))
>> >> > 90699       (&(objectClass=posixGroup))
>> >> > 6833        (&(objectClass=posixAccount)(uid=root))
>> >> > 2236        (&(objectClass=posixAccount)(uid=hiddenuser1))
>> >> > 669         (&(objectClass=posixGroup)(memberUid=root))
>> >> > 318         (&(objectClass=posixAccount)(uid=testacc))
>> >> > 87          (&(objectClass=posixGroup)(memberUid=postfix))
>> >> > 87          (&(objectClass=posixAccount)(uid=postfix))
>> >> > 81          (objectClass=posixAccount)
>> >> > 68          (&(objectClass=posixAccount)(uid=debian-exim))
>> >> > 68          (&(objectClass=posixGroup)(memberUid=Debian-exim))
>> >> > 39          (&(objectClass=posixAccount)(uid=normaluser))
>> >> > 34          (&(objectClass=posixAccount)(uidNumber=7333))
>> >> > 30          (&(objectClass=posixGroup)(memberUid=hiddenuser1))
>> >> > 29          (&(objectClass=posixGroup)(memberUid=chelovek))
>> >> > 29          (&(objectClass=posixAccount)(uid=chelovek))
>> >> > 27          (&(objectClass=posixAccount)(uid=user0))
>> >> > 23          (&(objectClass=posixAccount)(uid=nobody))
>> >> > 21          (&(objectClass=posixAccount)(uid=user1))
>> >> > 18          (&(objectClass=posixAccount)(uid=user2))
>> >> > 16          (&(objectClass=posixAccount)(uid=user3))
>> >> > 15          (&(objectClass=posixAccount)(uid=user4))
>> >> > 12          (&(objectClass=posixAccount)(uid=user5))
>> >> > 11          (&(objectClass=posixAccount)(uidNumber=7330))
>> >> > 10          (&(objectClass=posixAccount)(uid=user15))
>> >> > 9           (&(objectClass=posixAccount)(uid=user16))
>> >> > 8           (&(objectClass=posixAccount)(uidNumber=7333))
>> >> > 6           (&(objectClass=posixAccount)(uid=user6))
>> >> > 5           (&(objectClass=posixAccount)(uid=user7))
>> >> > 5           (cn=defaults)
>> >> > 4           (&(objectClass=posixAccount)(uidNumber=7228))
>> >> > 4           (&(objectClass=shadowAccount)(uid=user1))
>> >> > 4           (&(objectClass=posixAccount)(uid=user9))
>> >> > 4           (&(objectClass=posixAccount)(uid=user10))
>> >> > 4           (&(objectClass=posixAccount)(uid=user11))
>> >> > 3           (&(objectClass=posixAccount)(uid=user12))
>> >> > 3           (&(objectClass=posixAccount)(uid=user13))
>> >> > 3           (&(objectClass=posixAccount)(uid=user14))
>> >> > ...............
>> >> > and MANY others that have 1 use in this stats.
>> >> > I think this many queries from mail relay server.
>> >> > * user1 and etc - just hidden real users.
>> >> >
>> >> > What can I do to tune nss? Can you point me in the right direction? Do not know what to look at.
>> >> > If you need any additional information, logs and etc - I'll provide it.
>> >> >
>> >> > Thanks in advance!
>> >> >
>> >
>> >
>>
>> Have you got pam_ldap.conf configured?
>> If so, what are the corresponding configurations related to ldap server connections?
>>
>
>

--
_________________________________________
It is not the one who never falls who is strong, but the one who, on falling, has the strength to get back up.
Jim Morrison
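
The check suggested at the top of this message, as an added example that is not part of the original thread: it reads slapd's `idletimeout` and nss_ldap's `idle_timelimit` from their config files and reports whether the client releases idle connections before the server closes them. The function names, the temporary sample files and the values 60 and 30 are constructed for illustration; the other client settings are the ones quoted in the thread.

```sh
#!/bin/sh
# Added example (not from the thread): check the advice that nss_ldap's
# idle_timelimit should be lower than the idle timeout configured on slapd.

# conf_value FILE KEY: print the last value given for KEY in a
# "keyword value" config file; '#' comment lines are skipped.
conf_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) { val = $2 }
        END { if (val != "") print val }
    ' "$1"
}

# check_idle SLAPD_CONF NSS_CONF: print one verdict word.
#   no-server-cap  slapd idletimeout unset or 0 (idle connections never closed)
#   client-unset   slapd closes idle connections, client sets no idle_timelimit
#   client-late    idle_timelimit is not lower than idletimeout
#   ok             client gives up idle connections before slapd closes them
check_idle() {
    server=$(conf_value "$1" idletimeout)
    client=$(conf_value "$2" idle_timelimit)
    if [ -z "$server" ] || [ "$server" -eq 0 ]; then
        echo no-server-cap
    elif [ -z "$client" ]; then
        echo client-unset
    elif [ "$client" -ge "$server" ]; then
        echo client-late
    else
        echo ok
    fi
}

# Constructed sample files: the idletimeout value is an assumption, the
# client settings are the ones quoted in the thread.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'idletimeout 60\n' > "$dir/slapd.conf"
    printf 'timelimit 10\nbind_timelimit 5\nbind_policy soft\n' > "$dir/ldap.conf"
    check_idle "$dir/slapd.conf" "$dir/ldap.conf"    # client-unset
    printf 'idle_timelimit 30\n' >> "$dir/ldap.conf"
    check_idle "$dir/slapd.conf" "$dir/ldap.conf"    # ok
    rm -rf "$dir"
}

demo
```

To use it on a real pair of hosts, call `check_idle` with the server's slapd.conf and the client's `/usr/local/etc/ldap.conf` instead of running `demo`.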
