[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: slapd still allows bind but returns no data

On Thursday 11 October 2007 20:45:21 Josh M. Hurd wrote:
> I have been fighting with this issue for a couple months now and I
> really need a solution.
> I have 2 openldap servers recently upgraded to 2.3.38 with a brand
> new rebuilt bdb from an LDIF dump.
> The 2 servers sit behind a load balancer (read-only) and provide
> basic authentication for about 300 linux servers.

Are these servers using nscd or not ? How many connections do they have to 
your LDAP servers ?

> There's not much traffic on them but those who need access need access.
> The problem is they stop returning data, slapd is still running
> otherwise seems ok.

Do you get any messages in the logs when this happens? How many connections do 
the servers have when this happens? I'm thinking you've run out of file 
descriptors (due to excessive connections, due to not using nscd and/or 
raising the file descriptor limit) which may be causing slapd to defer 

> You can still bind to them using rootdn with no issues.
> I found an old thread describing a similar problem that suggested an
> upgrade which I did.
> I was using 2.2.13 now upgraded to 2.3.38
> My level of knowledge of OpenLDAP is probably just above novice so I
> don't have a good base for trouble shooting.
> This is causing HUGE disruption and needs to be fixed immediately so
> any and all help is much appreciated.
> I turned on debug logging (-s 1) this morning so should have a bit of
> data to share with you if need be.

Right, but this only allows you to direct *what* syslog will do with the log 
entries generated by slapd, not what level of logging is generated by slapd 
(which you configure via the loglevel directive in slapd.conf).