
Many 'Can't contact LDAP server' errors



Greetings! (I sent this last week but it doesn't appear to have ever
made it through to the list.)

We are having a problem that seems to be growing. We have OpenLDAP
deployed across a WAN (primary at one site, replicants at remote sites).
At present it is only really being used for mail routing and passwords.
Some sites have as few as five active people. Systems are dual Xeon,
2GB, RHES3, with sendmail 8.12.11-4 and openldap 2.0.27.

In all of the sites we are seeing errors such as:
sendmail[32170]: j5FNtoFQ032169: SYSERR(root): Error getting LDAP results in map ldapmra: Can't contact LDAP server

sendmail[31898]: j5FMiqHL031898: SYSERR(root): Error in ldap_search using <username@master.dom> in map ldapmra: Can't contact LDAP server

dovecot-auth: LDAP: ldap_result() failed: Can't contact LDAP server

sendmail[7776]: nss_ldap: reconnecting to LDAP server...

OpenLDAP isn't serving that many people or processing that much email
(some sites with MORE people and MORE traffic have fewer errors). The
end result (for the 1st two) is that mail gets bounced because it can't
verify the user exists. For the 3rd it gives an imap-connection-refused
to the mail client. I assume the 4th is something more expected as it is
usually followed closely by a "reconnected" statement.

Manually doing ldapsearch from the command line has NEVER resulted in a
"Can't contact". As this appears to be happening from a couple of different
applications I tend to think I have a configuration issue with OpenLDAP.

Any thoughts? TIA!
-- 
John Duino <jduino@nateng.com>
National Engineering Technology