[Date Prev][Date Next]
Re: Ldap not reachable/tuning
--On Friday, November 25, 2016 7:05 PM +0100 Thomas Hummel
I'm using a simple setup on CentOS Linux release 7.2.1511
(Core)/openldap-servers-2.4.40-9 /cn=config/mdb : one provider with the
syncprov overlay and 2 syncrepl consumers. The DIT itself is about 10000
dn in size (about 3000 active users).
Everything works fine except that sometimes, some clients report
(temporary) failure to reach the consumers (NAS servers for instance).
A few notes:
a) The CentOS7 build is hacked to support a broken TLS implementation.
b) The version (2.4.40) is quite old, and has numerous known problems (it
was a particularly broken release). I would also note the CentOS7 build
has on occassion had its own problems introduced by patches from RedHat
that do not exist in stock OpenLDAP builds. See
<http://www.openldap.org/software/release/changes.html> for a list of
changes since 2.4.40 was released.
c) Nothing you presented indicates any issue on the server side. It could,
for example, be an issue with your clients, a firewall, packet shaper, etc.
d) You should fully disable rate limiting for rsyslogd. Then find out what
the server side reports during the periods of time when you see issues with
the client connections.
You may wish to examine the LTB builds
(<http://ltb-project.org/wiki/download#openldap>) if you are unable to
build OpenLDAP yourself, or if you require support for your OpenLDAP
installation, Symas (the company I work for) has support options.
Hope this helps!
Packaged, certified, and supported LDAP solutions powered by OpenLDAP: