
Re: SLAPD dies/locks up



I'm moving this to openldap-software instead, because I cannot
believe that this could be an OpenLDAP problem. It must be something
on my network...

Below is another picture of exactly what's working and what's not..

Quoting Turbo Fredriksson <turbo@nocrew.org>:

> I'm having trouble here. When doing a search from netscape/outlook
> OR ldapsearch to the ldap server, the slapd locks up, and it has
> to be restarted.
> 
> This has happened on two machines/ldap servers.
> 
> 
> I have two ldap servers, the soon-to-be production server (ldap1),
> and my own private machine (ldap2). I have two clients, our W2K
> server (client1), and my colleague's private machine (client2).
> 
> 
>                 |-------|               |-------|
>                 | ldap1 |               | ldap2 |
>                 |-------|               |-------|
> 
> 
>                |---------|             |---------|
>                | client1 |             | client2 |
>                |---------|             |---------|
> 
> 
> Doing a search from client1<->ldap2 works fine (in netscape ONLY!). But
> these don't work at all:
> 
>         client2<->ldap2
>         client2<->ldap1
>         client1<->ldap1
> 
> These hang the ldap server. Same version of netscape, same version of
> OpenLDAP (Debian package, version 1.2.9-3).
> 
> There IS a firewall on our net, but all the machines pictured above have
> public addresses, hooked up to the same switch...
> 
> 
> This is what I get when starting slapd with '-d 31':
> 
> ----- s n i p -----
> slapd 1.2.9-Release (Mon Feb 28 16:28:57 EST 2000)
> 	bmc@krikey:/usr/src/pkgs/openldap-1.2.9/build-tree/openldap-1.2.9/servers/slapd
> slapd starting
> listening for connections on 7, activity on:
> before select active_threads 0
> select activity on 1 descriptors
> new connection on 8
> ldap_open
> ldap_init
> open_ldap_connection
> ldap_connect_to_host: <HOSTNAME>:389
> sd 9 connected to: <IPADDRESS_OF_HOSTNAME>
> ldap_open successful, ld_host is (null)
> ldap_simple_bind_s
> ldap_simple_bind
> ldap_send_initial_request
> ldap_send_server_request
> ber_flush: 14 bytes to sd 9
> 	 0 0c 02 01 01  ` 07 02 01 02 04 00 80 00 
> ldap_result
> wait4msg (infinite timeout)
> ** Connections:
> * host: <HOSTNAME>  port: 389  (default)
>   refcnt: 2  status: Connected
>   last used: Sun Mar 26 17:43:54 2000
> 
> ** Outstanding Requests:
>  * msgid 1,  origid 1, status InProgress
>    outstanding referrals 0, parent count 0
> ** Response Queue:
>    Empty
> do_ldap_select
> ----- s n i p -----


This is how we tried it...


                       |--------|
                       |        |
                       | switch |
                       |--------|


|-----------|           |------|                |--------|
| gw/router |           | ldap |                | client |
|-----------|           |------|                |--------|


client->switch->gw->ldap  works
gw->ldap                  works
client->switch->ldap      NOT!


It works when the client has a private IP, accessing the ldap server
on the public address, but not when the client tries to access it
on the private IP. However, if the client has a public address and
tries to access ldap on the public IP, it won't work either! But client
with public IP, accessing ldap on private IP works.

Conclusion: It only works when the client tries to access ldap through
            the gw, and is not on the same network.

Double check: Setting an IP alias on ldap as 192.168.11.6 and the client
              (win) set to 192.168.10.201 with a default gw as 192.168.10.1
              (which is an IP alias on gw). Doesn't work. But accessing it
              on the public still works...



The switch does not have any special configurations activated,
it's a Nortel BayStack 450...

The firewalling on the gw (a Debian GNU/Linux 2.2 with masquerading)
can be found for reviewing on http://www.air2.net/ipchains.html.

(I'm starting to be a little confused about what works and what doesn't here.
Input on proper tests would be very much appreciated :)

--