LDAP server cannot be contacted

by Maccy-2

We are experiencing an issue whereby the LDAP server seems to crash
and cannot be contacted about once a week. OX services have to be
restarted in order to resume normal service. Users report that they cannot
log into their mail either via an IMAP client or the webmail interface.

The server is not particularly busy at the time of the crashes.

Here is the relevant section of the logs:

Aug 13 09:39:00 mail saslauthd[5082]: pam_ldap: ldap_starttls_s: Can't contact LDAP server
Aug 13 09:39:00 mail saslauthd[5082]: DEBUG: auth_pam: pam_authenticate failed: Authentication failure
Aug 13 09:39:00 mail saslauthd[5082]: do_auth         : auth failure: [user=db139a] [service=imap] [realm=] [mech=pam] [reason=PAM auth error]
Aug 13 09:39:00 mail imap[11899]: badlogin: localhost [127.0.0.1] plaintext db139a SASL(-13): authentication failure: checkpass failed
Aug 13 09:39:00 mail PAM-warn[5066]: function=[pam_sm_acct_mgmt] service=[imap] terminal=[<unknown>] user=[db139a] ruser=[<unknown>] rhost=[<unknown>]

We are using OX5 build 5637 (hymalia) on a SLES9 box.

Has anyone seen this behaviour before?

Mark

_______________________________________________
User mailing list
User@...
http://www.open-xchange.org/cgi-bin/mailman/listinfo/user

Re: LDAP server cannot be contacted

by Peter Schober

* Maccy <maccy@...> [2008-08-13 16:23]:
> Here is the relevant section of the logs:

well, this just says what you already know: that PAM and saslauthd
cannot talk to slapd on localhost. what it does not say, is why,
because you're looking at the wrong logfile.

if you want to know why slapd is not running (or crashing) you'd need
to look at its logfile, usually something like /var/log/slapd. if
that does not exist and you can't find any lines containing the string
'slapd' in any other file in /var/log, you'd possibly need to enable
slapd logging, e.g. by adding this line to /etc/syslog.conf:
local4.*                        -/var/log/slapd
then create the logfile (`touch /var/log/slapd` as root) and then
reload the syslog service.

for this to work you'd also have to make sure /etc/openldap/slapd.conf
does *not* contain a line with "loglevel 0" (the default is 256, which
should be fine, so if there is no line with 'loglevel' you're good as
well). for more on logging see `man slapd.conf`.

note that none of this is really specific to OX and just plain
sysadmin work and LDAP diagnostics. once you have a log file and there
is stuff written to it, you're likely to see some bdb errors which you
then could ask at the openldap-software mailing list about (be sure to
google for the error message first). be prepared for them to tell you
to read the bdb documentation ;)

> We are using OX5 build 5637 (hymalia) on a SLES9 box.

If you still have a valid support contract for this (and this still is
a supported release) forget everything I said above and get the
support you've paid for, from the vendor (Open-Xchange Inc.).
See http://www.open-xchange.com/en/services/support

best regards,
-peter

--
peter.schober@... - vienna university computer center
Universitaetsstrasse 7, A-1010 Wien, Austria/Europe
Tel. +43-1-4277-14155, Fax. +43-1-4277-9140
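
The checks from the message above written out as a script (an added example, not part of the original posts). The function names are made up for illustration, the default paths are the ones named in the thread, and only explicit `local4.<priority>` selectors with a file target are recognised.

```sh
#!/bin/sh
# Added example, not from the thread. Checks the conditions the message lists.
# Usage: check_slapd_logging [slapd.conf] [syslog.conf]

# Succeeds unless slapd.conf turns logging off with "loglevel 0".
# A missing loglevel line is fine: the message gives the default as 256.
slapd_logging_enabled() {
    ! grep -Eiq '^loglevel[[:space:]]+0[[:space:]]*$' "$1"
}

# Prints the file an explicit "local4.<priority>" selector writes to.
# A leading "-" on the target (no sync after each write) is stripped.
# Fails when no active line routes local4 to a file.
local4_logfile() {
    awk '
        /^[ \t]*#/ || NF < 2 { next }
        $2 ~ /^-?\// {
            n = split($1, sel, ";")
            for (i = 1; i <= n; i++)
                if (sel[i] ~ /^local4\./ && sel[i] != "local4.none") {
                    sub(/^-/, "", $2); print $2; found = 1; exit
                }
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

check_slapd_logging() {
    slapd_conf=${1:-/etc/openldap/slapd.conf}
    syslog_conf=${2:-/etc/syslog.conf}
    rc=0
    if ! slapd_logging_enabled "$slapd_conf"; then
        echo "FAIL: 'loglevel 0' in $slapd_conf disables slapd logging"; rc=1
    fi
    if logfile=$(local4_logfile "$syslog_conf"); then
        if [ ! -e "$logfile" ]; then
            echo "FAIL: $logfile does not exist (create it, reload syslog)"; rc=1
        fi
    else
        echo "FAIL: no active local4 file target in $syslog_conf"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: slapd messages should reach $logfile"
    return "$rc"
}
```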


Re: LDAP server cannot be contacted

by Maccy-2

On Wed, 13 Aug 2008, Peter Schober wrote:
> well, this just says what you already know: that PAM and saslauthd
> cannot talk to slapd on localhost. what it does not say, is why,
> because you're looking at the wrong logfile.

Thanks Peter, this turned out to be LDAP corruption (solution was in the
SDB, I missed it first time round). Touch wood, the problem has not
occurred since I performed an LDAP repair.

Regards

Mark
