Config is basic (with special timeout tests commented out) :
    database        ldap
    suffix          "o=corp"
    uri             ldaps://10.100.120.153

    # close connection after a timeout
    #idletimeout     100
    # causes a cached connection to be dropped and recreated after a given ttl
    #conn-ttl        4294967294
    # close connection after a timeout for ldap backend
    #idle-timeout    4294967294
    # Discards current cached connection when the client rebinds - default to No
    #single-conn     no
Try adding a "rebind-as-user" here. This forces back-ldap to store client's credentials in order to rebind when needed (e.g. because a persistent connection timed out).
p.
    overlay         rwm
    rwm-suffixmassage "o=corp" "o=int"
2012/12/6 Pierangelo Masarati masarati@aero.polimi.it
Full_Name: Sebastien Prune THOMAS
Version: slapd 2.4.31
OS: Linux CentOS
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (206.167.157.64)
I use OpenLDAP to proxy (with the module back-ldap) to an eDirectory LDAP server. Every once in a while I have long lasting connections re-binding as anonymous, breaking the actual bind. This usually happens after hitting either the idle-timeout or the conn-ttl limit. I wasn't able to find out what these values are when not set... but setting them low can help reproduce the problem :
What is the configuration of back-ldap? Can you post it (after sanitizing sensitive info)?
p.
--
Pierangelo Masarati
Associate Professor
Dipartimento di Ingegneria Aerospaziale
Politecnico di Milano
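
Added example (not part of the original messages, and not OpenLDAP project code): a Python check that lists the "database ldap" sections of a slapd.conf that do not enable rebind-as-user, the setting suggested in the reply above. The sample configuration is constructed from the one posted in this thread plus a hypothetical second database, and suffixes are assumed to contain no spaces.

```python
# Constructed sample: the proxy database posted in this thread, followed by a
# hypothetical second database (made-up suffix and address) that sets the option.
SAMPLE_CONF = """\
database        ldap
suffix          "o=corp"
uri             ldaps://10.100.120.153
#idle-timeout   4294967294
overlay         rwm
rwm-suffixmassage "o=corp" "o=int"

database        ldap
suffix          "o=example"
uri             ldaps://192.0.2.10
rebind-as-user  yes
"""

ENABLED = {"yes", "on", "true"}


def directives(text):
    """Join continuation lines (leading whitespace), then drop '#' comment
    lines; return each remaining directive as a list of words."""
    logical = []
    for raw in text.splitlines():
        if raw[:1] in (" ", "\t") and raw.strip() and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    return [line.split() for line in logical if line and not line.startswith("#")]


def ldap_databases_without_rebind(text):
    """Return the suffix of every `database ldap` section lacking rebind-as-user."""
    sections = []
    for words in directives(text):
        key, args = words[0].lower(), words[1:]
        if key == "database":
            sections.append({"type": args[0].lower() if args else "", "suffix": "?", "rebind": False})
        elif sections and key == "suffix" and args:
            sections[-1]["suffix"] = args[0].strip('"')
        elif sections and key == "rebind-as-user":
            # Bare keyword or yes/on/true counts as enabled in this check.
            sections[-1]["rebind"] = not args or args[0].lower() in ENABLED
    return [s["suffix"] for s in sections if s["type"] == "ldap" and not s["rebind"]]


if __name__ == "__main__":
    for suffix in ldap_databases_without_rebind(SAMPLE_CONF):
        print(f"back-ldap database {suffix}: rebind-as-user not set")
```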