[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: monitoring openldap 2.0.27 connections

To: santosh malavade <santoshmalavade@outlook.com>
Subject: Re: monitoring openldap 2.0.27 connections
From: Dan White <dwhite@olp.net>
Date: Thu, 29 Nov 2012 08:33:04 -0600
Cc: Marc Patermann <hans.moser@ofd-z.niedersachsen.de>, "openldap-technical@openldap.org" <openldap-technical@openldap.org>
Content-disposition: inline
In-reply-to: <COL002-W36FF8787C3CA1A7EF40997B75C0@phx.gbl> <COL002-W20D443EACA9B592FCD142DB75C0@phx.gbl>
User-agent: Mutt/1.5.21 (2010-09-15)

On 11/29/12 12:16 +0530, santosh malavade wrote:

We are using openldap version 2.0.27 on RHEL AS 3 with Postfix 2.2.10 In
postfix logs, I have seen the following warning message: warning:
dict_ldap_connect: Unable to bind to server ldap://127.0.0.1:389 as <dn>:
85 (Timed out) The default timeout is set as 10 seconds.

How do I monitor my ldap server.   I would like to know the active
connection counts on my ldap server.


You can use ldapsearch to verify your server is responding, and postmap to
verify that postfix can query it.

Consider installing a newer version of slapd on another server, and
pointing your postfix config at it.

On 11/29/12 17:08 +0530, santosh malavade wrote:

I believe the timeout is happening due to large no. of connections / large
no. of operations against the ldap server.


As was already mentioned, use netstat to find out if that's the case. If
you're getting ldap connections from external sources, and you don't need
to allow external connections, you can run slapd on a unix domain socket
'ldapi:///', or use iptables to firewall off port 389 (and 636 if using
ldaps).

--
Dan White

References:
- monitoring openldap 2.0.27 connections
  - From: santosh malavade <santoshmalavade@outlook.com>

Prev by Date: Re: MirrorMode Replication Problem
Next by Date: Re: OpenLDAP as an address book for MS Outlook
Index(es):
- Chronological
- Thread