Jack Kielsmeier wrote:
Interesting.
So you basically have some sort of script that checks responsiveness. If none, it reconfigures slapd.conf and restarts the process? Seems like quite a bandaid, but it'd work.
-----Original Message----- From: openldap-technical-bounces@OpenLDAP.org [mailto:openldap-technical-bounces@OpenLDAP.org] On Behalf Of Liam Gretton Sent: Tuesday, June 03, 2014 2:12 PM To: openldap-technical@openldap.org Subject: Re: LDAP Proxy Timeout Values
On 03/06/2014 16:34, Jack Kielsmeier wrote:
We are running OpenLDAP 2.4.23. Part of our implementation proxies to an
Active Directory server. Whenever connectivity to the AD server is interrupted, queries to the non-proxied portion of our implementation take a very long time and cause many issues with querying services.
Based on the config info you provided, I don't see how that's possible. You have 3 database sections of note, and they are all independent. Queries to any of the first two databases cannot be affected by anything in the back-ldap database, unless you've deleted something crucial from the censored config you sent.
The doc sections you quote are not relevant, I suggest you re-read the slapd-ldap(5) manpage more carefully.
I reported a similar issue a couple of years ago:
Your issue was reported against back-meta, this post is about back-ldap. The configurations are not similar at all.
http://www.openldap.org/its/index.cgi/Incoming?id=7372;selectid=7372
That was with 2.4.32. I don't think it's been fixed since, but I've worked
around it with a slightly unpleasant out-of-band check on our domain controllers which reconfigures OpenLDAP when it detects a DC going out of service.
From what I see in the mailing list archives, there was nothing to fix. The timeouts all worked as designed when tested locally.