[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP Proxy Timeout Values

To: Jack Kielsmeier <JKielsmeier@lightedge.com>, "openldap-technical@openldap.org" <openldap-technical@openldap.org>
Subject: Re: LDAP Proxy Timeout Values
From: Howard Chu <hyc@symas.com>
Date: Wed, 04 Jun 2014 06:51:25 -0700
In-reply-to: <F945C99256B6D44E8E8F5C51580287B6192992@cdalnex02.cd.ent.corp>
References: <F945C99256B6D44E8E8F5C51580287B6192261@cdalnex02.cd.ent.corp> <538E1E0E.3000400@leicester.ac.uk> <F945C99256B6D44E8E8F5C51580287B6192992@cdalnex02.cd.ent.corp>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:29.0) Gecko/20100101 Firefox/29.0 SeaMonkey/2.26a1

Jack Kielsmeier wrote:

Interesting.

So you basically have some sort of script that checks responsiveness. If none, it reconfigures slapd.conf and restarts the process? Seems like quite a bandaid, but it'd work.

-----Original Message-----
From: openldap-technical-bounces@OpenLDAP.org [mailto:openldap-technical-bounces@OpenLDAP.org] On Behalf Of Liam Gretton
Sent: Tuesday, June 03, 2014 2:12 PM
To: openldap-technical@openldap.org
Subject: Re: LDAP Proxy Timeout Values

On 03/06/2014 16:34, Jack Kielsmeier wrote:

We are running OpenLDAP 2.4.23. Part of our implementation proxies to an

Active Directory server. Whenever connectivity to the AD server is
interrupted, queries to the non-proxied portion of our implementation take a
very long time and cause many issues with querying services.

Based on the config info you provided, I don't see how that's possible. Youhave 3 database sections of note, and they are all independent. Queries to anyof the first two databases cannot be affected by anything in the back-ldapdatabase, unless you've deleted something crucial from the censored config yousent.

The doc sections you quote are not relevant, I suggest you re-read theslapd-ldap(5) manpage more carefully.

I reported a similar issue a couple of years ago:

Your issue was reported against back-meta, this post is about back-ldap. Theconfigurations are not similar at all.


http://www.openldap.org/its/index.cgi/Incoming?id=7372;selectid=7372

That was with 2.4.32. I don't think it's been fixed since, but I've worked

around it with a slightly unpleasant out-of-band check on our domain
controllers which reconfigures OpenLDAP when it detects a DC going out of service.

From what I see in the mailing list archives, there was nothing to fix. Thetimeouts all worked as designed when tested locally.


--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

Follow-Ups:
- RE: LDAP Proxy Timeout Values
  - From: Jack Kielsmeier <JKielsmeier@lightedge.com>
- Re: LDAP Proxy Timeout Values
  - From: Liam Gretton <liam.gretton@leicester.ac.uk>

References:
- LDAP Proxy Timeout Values
  - From: Jack Kielsmeier <JKielsmeier@lightedge.com>
- Re: LDAP Proxy Timeout Values
  - From: Liam Gretton <liam.gretton@leicester.ac.uk>
- RE: LDAP Proxy Timeout Values
  - From: Jack Kielsmeier <JKielsmeier@lightedge.com>

Prev by Date: Re: ACL inconsistency
Next by Date: RE: LDAP Proxy Timeout Values
Index(es):
- Chronological
- Thread