Hello,
I have found some weird messages in my syslog since I set up openldap
and switched my users from local passwd/shadow to openldap.
I have two notebooks using sssd and the openldap server is
configured with pam_ldap/nss_ldap authentication.
I didn't have any problems, but I'm unsure why those messages are
logged and so I decided to ask this on the list.
Those are the messages in question:
Mar 22 20:10:01 foobarsrv1 slapd[16923]: connection_input: conn=12652 deferring operation: binding
Mar 22 15:36:33 foobarsrv1 slapd[16923]: connection_read(29): no connection!
Mar 22 15:37:36 foobarsrv1 slapd[16923]: conn=10375 op=6 ABANDON msg=6
Mar 15 09:00:59 foobarsrv1 slapd[28731]: connection_input: conn=16081 deferring operation: too many executing
Mar 12 18:33:54 foobarsrv1 slapd[699]: slap_global_control: unrecognized control: 1.3.6.1.4.1.42.2.27.8.5.1
I have tried to find a solution or reason for this for two weeks
or so, but I couldn't find the answer/solution. Regarding the
"deferring operation: binding" message I'm just concerned, because
there is absolutely no load on the system and I'm not sure what
would happen if I had more than 3 clients (including the server)
which use ldap. I already tried to match those messages with other
things going on on the system, but I couldn't get any match. Currently
I get the "deferring operation: binding" anything between 2 and 10
times a day.
I know that this may be more than one issue, but I hope that you are
willing to help me solve this.
This is my slapd.conf:
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/samba.schema
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
security tls=1 simple_bind=128
access to dn.base="" by * read
access to dn.base="cn=Subschema" by * read
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none
access to *
        by self write
        by * read
access to *
        by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
        by * none
TLSCipherSuite HIGH:MEDIUM:-SSLv2:-SSLv3
TLSCertificateFile /etc/openldap/ssl/slapdcert.pem
TLSCertificateKeyFile /etc/openldap/ssl/slapdkey.pem
database hdb
suffix "dc=foobar,dc=local"
checkpoint 32 30
rootdn "cn=Manager,dc=foobar,dc=local"
rootpw {SSHA}XXXX
directory /var/lib/openldap-data
index objectClass eq
index uid pres,eq
index memberUid pres,eq
index uidNumber pres,eq
index gidNumber pres,eq
index uniqueMember pres,eq
index sambaSID pres,eq
index mail pres,sub,eq
index cn pres,sub,eq
index sn pres,sub,eq
index dc eq
database config
My /etc/ldap.conf
host 127.0.0.1
base dc=foobar,dc=local
uri ldap://localhost/
ldap_version 3
scope one
bind_policy soft
idle_timelimit 3600
pam_filter objectclass=posixAccount
pam_member_attribute memberuid
pam_min_uid 1000
pam_password exop
nss_base_passwd ou=People,dc=foobar,dc=local?one
nss_base_shadow ou=People,dc=foobar,dc=local?one
nss_base_group ou=Groups,dc=foobar,dc=local?one
nss_base_hosts ou=Hosts,dc=foobar,dc=local?one
ssl start_tls
nss_initgroups_ignoreusers root,bin,daemon,adm,lp,sync,shutdown,halt,news,uucp,operator,portage,nobody,man,sshd,cron,mail,postmaster,ldap,mysql,mediatomb,dovecot,dovenull,apache,openvpn,clamav,bacula,asterisk,ntp
The openldap server is an up-to-date Gentoo system.
If you need more information just let me know.
Kind regards,
Timo
--
Timo Eissler
Senior Project Engineer / Consultant
Am Zuckerberg 54
D-71640 Ludwigsburg
Tel.: +49 7141 4094003
Mobil.: +49 151 20650311
Email: timo@teissler.de
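
Added example, not part of the original message: a small Python triage script that tallies the slapd messages quoted above per day and per category and collects the connection IDs involved, so the frequency of each message can be checked and matched against other events. The category names and function names are assumptions of this example; the sample input is the five log lines from the post.

```python
import re
from collections import Counter, defaultdict

# The five syslog lines quoted in the post, embedded so the script runs offline.
SAMPLE = """\
Mar 22 20:10:01 foobarsrv1 slapd[16923]: connection_input: conn=12652 deferring operation: binding
Mar 22 15:36:33 foobarsrv1 slapd[16923]: connection_read(29): no connection!
Mar 22 15:37:36 foobarsrv1 slapd[16923]: conn=10375 op=6 ABANDON msg=6
Mar 15 09:00:59 foobarsrv1 slapd[28731]: connection_input: conn=16081 deferring operation: too many executing
Mar 12 18:33:54 foobarsrv1 slapd[699]: slap_global_control: unrecognized control: 1.3.6.1.4.1.42.2.27.8.5.1
"""

# "Mon DD HH:MM:SS host slapd[pid]: message" (classic syslog layout, no year).
LINE = re.compile(r"^(\w{3}\s+\d+) [\d:]{8} \S+ slapd\[\d+\]: (.*)$")

# Category names are labels chosen for this example, not slapd terminology.
CATEGORIES = [
    ("defer_binding", re.compile(r"deferring operation: binding")),
    ("defer_too_many", re.compile(r"deferring operation: too many executing")),
    ("no_connection", re.compile(r"connection_read\(\d+\): no connection!")),
    ("abandon", re.compile(r"conn=\d+ op=\d+ ABANDON")),
    ("unknown_control", re.compile(r"unrecognized control:")),
]
CONN = re.compile(r"\bconn=(\d+)")
OID = re.compile(r"unrecognized control: ([\d.]+)")

def classify(msg):
    """Return the first matching category label, or 'other'."""
    for name, pattern in CATEGORIES:
        if pattern.search(msg):
            return name
    return "other"

def summarize(text):
    """Count messages per day/category; collect conn IDs and control OIDs."""
    per_day, conns, oids = defaultdict(Counter), defaultdict(set), Counter()
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a slapd syslog line
        day = " ".join(m.group(1).split())  # "Mar  2" -> "Mar 2"
        msg = m.group(2)
        cat = classify(msg)
        per_day[day][cat] += 1
        if (c := CONN.search(msg)):
            conns[cat].add(c.group(1))
        if (o := OID.search(msg)):
            oids[o.group(1)] += 1
    return per_day, conns, oids

if __name__ == "__main__":
    per_day, conns, oids = summarize(SAMPLE)
    for day, counts in per_day.items():
        print(day, dict(counts))
    print({k: sorted(v) for k, v in conns.items()}, dict(oids))
```

To run it against a real log, pass the file contents to `summarize()` instead of `SAMPLE`.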