No timeout for nss_ldap?

by tkircht

My problem is that, when using libnss_ldap (Debian 4.0/OpenLDAP 2.3.30)
every failure in the network link results in blocking all machines.
My setup looks like this:

-------
/etc/libnss_ldap.conf
URI ldaps://ldap.ipodion.at:636
base dc=int,dc=ipodion,dc=at
bind_timelimit 5
-------

bind_timelimit didn't show any effect, probably due to the ldap client
libs..

-------
/etc/nsswitch.conf
passwd:         compat ldap
group:          compat ldap
shadow:         compat ldap
[...]
-------

I tried both files and compat but without seeing any difference.

nscd is off on both client and server machine.

Using this setup everything seems to work perfectly. Simulating a
network failure by changing URI ldaps://ldap.ipodion.at:636 to URI
ldaps://xxxldap.ipodion.at:636 results in "getent passwd" displaying the
local users and then hanging for a long time (I never waited long
enough but at least 20 minutes).
Any login attempts to that machine fail as well... i.e. hang
indefinitely....

I cannot believe that I can't find a solution to this probably simple
but serious problem.

--
=========================================================
iPodion GmbH
Rotensterngasse 20/3
A-1020 Wien, Austria
Mobile: +43-660-216 32 98
Tel.:+43-1-216 32 98-0      mailto:office@...
Fax: +43-1-216 32 98-28     http://www.iPodion.at
=========================================================
Attention: Please note my new
           telephone number: 0660/2163298
