Full_Name: Maciej Uhlig
OS: CentOS release 6.5 (Final)
Submission from: (NULL) (126.96.36.199)
There are two OpenDJ servers and one OpenLDAP server. OpenLDAP server acts as a
proxy to OpenDJ servers. OpenLDAP server is used by Dovecot mailbox server (here
LDAP client) for user authentication.
OpenLDAP server runs 2.4.39 software. The problem is observed during OpenLDAP
and OpenDJ servers interaction. Users can't send their mail. Dovecot server logs
"ldap_bind() failed: Server is unavailable". OpenLDAP server logs
Restart of OpenLDAP server is required to resume normal operation.
Analysis of OpenDJ log shows:
- conn=40822 (correct) takes not more than one second
- conn=40823 (incorrect) takes more than eleven minutes (it persists until
OpenLDAP server is stopped)
Analysis of OpenLDAP log shows:
- op=29970 (conn=40822 in OpenDJ server) ends with err=0
- op=29972 (conn=40823 in OpenDJ server) ends with err=0
- op=29976 (not seen in OpenDJ server) ends with err=52
- similarly op=29979 and all subsequent end with err=52
Looks like OpenLDAP server doesn't unbind (eleven minutes above) from OpenDJ
server. Instead it tries to make next bind which is unsuccesful (err=52).