[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Ldap not reachable/tuning

--On Friday, November 25, 2016 7:05 PM +0100 Thomas Hummel <thomas.hummel@pasteur.fr> wrote:


I'm using a simple setup on CentOS Linux release 7.2.1511
(Core)/openldap-servers-2.4.40-9 /cn=config/mdb : one provider with the
syncprov overlay and 2 syncrepl consumers. The DIT itself is about 10000
dn in size (about 3000 active users).

Everything works fine except that sometimes, some clients report
(temporary) failure to reach the consumers (NAS servers for instance).

Hi Thomas,

A few notes:

a) The CentOS7 build is hacked to support a broken TLS implementation.

b) The version (2.4.40) is quite old, and has numerous known problems (it was a particularly broken release). I would also note the CentOS7 build has on occassion had its own problems introduced by patches from RedHat that do not exist in stock OpenLDAP builds. See <http://www.openldap.org/software/release/changes.html> for a list of changes since 2.4.40 was released.

c) Nothing you presented indicates any issue on the server side. It could, for example, be an issue with your clients, a firewall, packet shaper, etc.

d) You should fully disable rate limiting for rsyslogd. Then find out what the server side reports during the periods of time when you see issues with the client connections.

You may wish to examine the LTB builds (<http://ltb-project.org/wiki/download#openldap>) if you are unable to build OpenLDAP yourself, or if you require support for your OpenLDAP installation, Symas (the company I work for) has support options.

Hope this helps!



Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP: