[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: openldap (or is it nss_ldap?) not answering

To: openldap-software@OpenLDAP.org
Subject: Re: openldap (or is it nss_ldap?) not answering
From: Todd Lyons <tlyons@ivenue.com>
Date: Thu, 11 Nov 2004 13:23:52 -0800
Content-disposition: inline
In-reply-to: <3728b34c041111120071bc19fc@mail.gmail.com>
Organization: Ivenue.com
References: <3728b34c041111120071bc19fc@mail.gmail.com>
User-agent: Mutt/1.5.6i

This doesn't seem to have anything really to do with OpenLDAP itself
aside from possibly tuning it to accept and keep more inbound
connections, so further replies might be better offlist or on the LDAP
Interoperability (LDAP-Interop) mailing list recently set up.

Stefano Maffulli wanted us to know:

>The only error I see in the log is the following:
>Nov 11 18:36:09 csv-mail-01 top: nss_ldap: reconnecting to LDAP server...
>Nov 11 18:36:09 csv-mail-01 top: nss_ldap: reconnected to LDAP server
>after 1 attempt(s)

I have that same message.  It did not go away by adjusting threads up or
down.  Browsing through the nss-ldap code, it doesn't seem to be an
error that's causing any problems, rather it looks simply like a
warning.  

My ldap servers are essentially unloaded, PIII 700's running at 0.05 or
less load all day, every day, consuming ~ 2.0% userland CPU all day,
every day.  I'm not having failed auths, I'm not experiencing any
problems.  I just ignore it but check the frequency.  It seems to be
bursty.  Here's the breakdown for me this morning on one of my smtp
servers:
00:00 - 00:59     2
01:00 - 01:59     5
02:00 - 02:59     3
03:00 - 03:59     6
04:00 - 04:59     1
05:00 - 05:59    14
06:00 - 06:59     4
07:00 - 07:59     4
08:00 - 08:59     1
09:00 - 09:59     9
10:00 - 10:59     2
11:00 - 11:59    15
12:00 - 12:59     3

Interesting thing, between 11:55 and 11:59, it did it 9 times.  Looking
at my load graphs, there was a spike at that time, though it was small.
It definitely is load related though.  Back when this server was doing
5000 messages a day (doesn't count rejected SBL+XBL connections which
don't check username against LDAP) I did not see these messages.  We
migrated some users over from another system to this one and now we're
doing 30K messages a day (again, without SBL+XBL rejects) and I get the
messages with the frequency listed above.
-- 
Regards...		Todd
  We should not be building surveillance technology into standards.
  Law enforcement was not supposed to be easy.  Where it is easy, 
  it's called a police state.             -- Jeff Schiller on NANOG
Linux kernel 2.6.8.1-12mdkenterprise   2 users,  load average: 1.08, 1.07, 1.07

References:
- openldap (or is it nss_ldap?) not answering
  - From: Stefano Maffulli <smaffulli@gmail.com>

Prev by Date: openldap (or is it nss_ldap?) not answering
Next by Date: Re: LDAP server unreachable
Index(es):
- Chronological
- Thread