(ITS#4420) Hanging CLOSE_WAIT connections in ldap-backend
Full_Name: Fred Schmalborn
Version: 2.3.19
OS: AIX 5.2
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (192.109.190.88)
I'm using the ldap backend to proxy some DNs to a corporate LDAP server.
The requests to the corporate LDAP are both anonymous and USER binds. That is
working fine for the first 30 minutes.

For the anonymous BIND there are two permanent connections open to the corporate
LDAP.
The corporate LDAP closes these connections after 30 minutes and they
remain in CLOSE_WAIT state for a long time (forever?).

After that, I often don't get any more information from the corporate LDAP. In the
TCP trace I see that the OpenLDAP server doesn't communicate with the corporate
LDAP. I have to restart slapd and it works fine for the next 30
minutes.

I have tried to set the idle-timeout to 30, but this parameter affects only the
user BIND and not the anonymous one.

Is it possible to set a timeout for the anonymous connections?
Are these hanging CLOSE_WAIT connections a bug, and how can I avoid them?

At the time it doesn't work (CLOSE_WAIT connections), I see in the syslog:
Mar 1 09:25:23 ipnetmg5 slapd[290912]: conn=5 fd=8 ACCEPT from IP=127.0.0.1:36877 (IP=0.0.0.0:389)
Mar 1 09:25:23 ipnetmg5 slapd[290912]: conn=6 fd=9 ACCEPT from IP=127.0.0.1:36878 (IP=0.0.0.0:389)
Mar 1 09:25:23 ipnetmg5 slapd[290912]: conn=6 op=0 BIND dn="" method=128
Mar 1 09:25:23 ipnetmg5 slapd[290912]: conn=5 op=0 BIND dn="" method=128
Mar 1 09:25:23 ipnetmg5 slapd[290912]: conn=6 op=0 RESULT tag=97 err=0 text=
Mar 1 09:25:23 ipnetmg5 slapd[290912]: conn=5 op=0 RESULT tag=97 err=0 text=
Mar 1 09:25:23 ipnetmg5 slapd[290912]: conn=6 op=1 SRCH base="ou=People,dc=corp,dc=com" scope=2 deref=3 filter="(&(objectClass=*)(uid=myuser))"
Mar 1 09:25:23 ipnetmg5 slapd[290912]: conn=5 op=1 SRCH base="ou=People,dc=corp,dc=com" scope=2 deref=3 filter="(&(objectClass=*)(uid=myuser))"
Mar 1 09:25:23 ipnetmg5 slapd[290912]: conn=6 op=1 SRCH attr=uid
Mar 1 09:25:23 ipnetmg5 slapd[290912]: conn=5 op=1 SRCH attr=uid
Mar 1 09:25:23 ipnetmg5 slapd[290912]: conn=6 op=1 SEARCH RESULT tag=101 err=52 nentries=0 text=
Mar 1 09:25:23 ipnetmg5 slapd[290912]: conn=5 op=1 SEARCH RESULT tag=101 err=52 nentries=0 text=
Mar 1 09:25:26 ipnetmg5 slapd[290912]: conn=6 op=2 SRCH base="ou=People,dc=corp,dc=com" scope=2 deref=3 filter="(&(objectClass=*)(uid=myuser))"
Mar 1 09:25:26 ipnetmg5 slapd[290912]: conn=6 op=2 SRCH attr=uid
Mar 1 09:25:26 ipnetmg5 slapd[290912]: conn=6 op=2 SEARCH RESULT tag=101 err=52 nentries=0 text=
Mar 1 09:25:26 ipnetmg5 slapd[290912]: conn=5 op=2 SRCH base="ou=People,dc=corp,dc=com" scope=2 deref=3 filter="(&(objectClass=*)(uid=myuser))"
Mar 1 09:25:26 ipnetmg5 slapd[290912]: conn=5 op=2 SRCH attr=uid
Mar 1 09:25:26 ipnetmg5 slapd[290912]: conn=5 op=2 SEARCH RESULT tag=101 err=52 nentries=0 text=
Mar 1 09:25:28 ipnetmg5 slapd[290912]: conn=5 op=3 SRCH base="ou=People,dc=corp,dc=com" scope=2 deref=3 filter="(&(objectClass=*)(uid=myuser))"
Mar 1 09:25:28 ipnetmg5 slapd[290912]: conn=6 op=3 SRCH base="ou=People,dc=corp,dc=com" scope=2 deref=3 filter="(&(objectClass=*)(uid=myuser))"
Mar 1 09:25:28 ipnetmg5 slapd[290912]: conn=5 op=3 SRCH attr=uid
Mar 1 09:25:28 ipnetmg5 slapd[290912]: conn=6 op=3 SRCH attr=uid
Mar 1 09:25:28 ipnetmg5 slapd[290912]: conn=5 op=3 SEARCH RESULT tag=101 err=52 nentries=0 text=
Mar 1 09:25:28 ipnetmg5 slapd[290912]: conn=6 op=3 SEARCH RESULT tag=101 err=52 nentries=0 text=
Mar 1 09:26:06 ipnetmg5 slapd[290912]: conn=5 fd=8 closed (idletimeout)
Mar 1 09:26:06 ipnetmg5 slapd[290912]: conn=6 fd=9 closed (idletimeout)
With lsof on the OpenLDAP Server I see:
slapd 290912 root cwd VDIR 10,6 512 92226 /usr (/dev/hd2)
slapd 290912 root 0u VCHR 2,2 0t0 4161 /dev/null
slapd 290912 root 1u VCHR 2,2 0t0 4161 /dev/null
slapd 290912 root 2u VCHR 2,2 0t0 4161 /dev/null
slapd 290912 root 3u unix 0xf10000f3048d5400 0t0 ->0xf10000f305e87000
slapd 290912 root 4r FIFO 0xf10000e32237ae50 0
slapd 290912 root 5w FIFO 0xf10000e32237ae50 0
slapd 290912 root 6u IPv4 0xf10000f3012efb58 0t0 TCP *:389 (LISTEN)
slapd 290912 root 7uw VREG 10,7 4096 8202 /var (/dev/hd9var)
slapd 290912 root 10u IPv4 0xf10000f305df0b58 0t896 TCP ipnetmg5c1.muc:32803->corpldap.com:3892 (CLOSE_WAIT)
slapd 290912 root 11u IPv4 0xf10000f306b82b58 0t76 TCP ipnetmg5c1.muc:65424->corpldap.com:3892 (CLOSE_WAIT)
slapd 290912 root 12uW VREG 10,7 122901 8213 /var (/dev/hd9var)
slapd 290912 root 13uW VREG 10,7 493748 8223 /var (/dev/hd9var)
slapd 290912 root 14u IPv4 0xf10000f30d5ee358 0t76 TCP ipnetmg5c1.muc:32804->corpldap.com:3892 (CLOSE_WAIT)
With Best Regards
Fred
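
Added example, not part of the original report and not OpenLDAP code: CLOSE_WAIT means the remote end has sent its FIN while the local process still holds the socket open, so a proxy that caches upstream connections can test one with a non-blocking peek before reusing it. The loopback listener standing in for the remote server and the names `peer_closed` and `demo` are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <poll.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Returns 1 if the peer has closed (our end would be listed as CLOSE_WAIT)
 * or the socket is otherwise dead, 0 if it is still usable. Peeks without
 * blocking and without consuming any pending response bytes. */
int peer_closed(int fd) {
    char byte;
    ssize_t n = recv(fd, &byte, 1, MSG_PEEK | MSG_DONTWAIT);
    if (n > 0) return 0;                                 /* data waiting */
    if (n < 0 && (errno == EAGAIN || errno == EWOULDBLOCK))
        return 0;                                        /* idle but open */
    return 1;                                /* n == 0 (FIN seen) or hard error */
}

/* Constructed demo: a loopback listener stands in for the remote server that
 * drops an idle connection. Stores the check result before and after. */
int demo(int *before, int *after) {
    struct sockaddr_in a;
    socklen_t len = sizeof a;
    int ls = socket(AF_INET, SOCK_STREAM, 0), up = socket(AF_INET, SOCK_STREAM, 0);
    memset(&a, 0, sizeof a);
    a.sin_family = AF_INET;
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);          /* port 0: kernel picks one */
    if (ls < 0 || up < 0 || bind(ls, (struct sockaddr *)&a, sizeof a) < 0 ||
        listen(ls, 1) < 0 || getsockname(ls, (struct sockaddr *)&a, &len) < 0 ||
        connect(up, (struct sockaddr *)&a, sizeof a) < 0) return -1;
    int srv = accept(ls, NULL, NULL);
    if (srv < 0) return -1;
    *before = peer_closed(up);           /* connection idle, both ends open */
    close(srv);                          /* remote closes: FIN sent to `up` */
    struct pollfd p = { .fd = up, .events = POLLIN };
    poll(&p, 1, 1000);                   /* wait for the FIN to arrive */
    *after = peer_closed(up);            /* `up` is now in CLOSE_WAIT */
    close(up);                           /* only our own close() ends CLOSE_WAIT */
    close(ls);
    return 0;
}

int main(void) {
    int before, after;
    if (demo(&before, &after) != 0) { perror("demo"); return 1; }
    printf("before remote close: %d, after: %d\n", before, after);
    return 0;
}
```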