Hello Ondrej,
if I get:
--------------
root@loadbalancer01:~# ldapsearch -x -D uid=repl-user,ou=users,dc=example,dc=net -W
Enter LDAP Password:
ldap_bind: Server is unavailable (52)
        additional info: no connections available
--------------
The log on the loadbalancer is showing:
-------------
Dez 04 14:19:33 loadbalancer01 slapd[883]: operation_init: received a new operation, bind request with msgid=1 for client connid=1
Dez 04 14:19:33 loadbalancer01 slapd[883]: request_bind: connid=1, msgid=1 no available connection found
Dez 04 14:19:33 loadbalancer01 slapd[883]: operation_init: received a new operation, unbind request with msgid=2 for client connid=1
Dez 04 14:19:33 loadbalancer01 slapd[883]: handle_one_request: received unbind, closing client connid=1
-------------
On the ldap-server I see nothing in the log.
Next thing I did was ldapsearch with "-d 3" and I got:
-------------
TLS trace: SSL_connect:SSL negotiation finished successfully
TLS trace: SSL_connect:SSL negotiation finished successfully
TLS trace: SSL_connect:SSLv3/TLS read server session ticket
tls_read: want=5, got=5
  0000:  17 03 03 00 3f   ....?
tls_read: want=63, got=63
  0000:  15 70 78 36 2f bb aa 06 f3 34 d7 dc c7 40 c7 f1   .px6/....4...@..
  0010:  a0 74 0c 31 20 5f 50 15 6a e9 33 55 10 8a 6d a1   .t.1 _P.j.3U..m.
  0020:  29 ad 3a ba a8 1e d7 e8 72 e1 3d 17 5f c3 fe d0   ).:.....r.=._...
  0030:  4a 94 08 e3 b5 cc 56 03 ac a1 f4 76 e9 30 31   J.....V....v.01
ldap_read: want=8, got=8
  0000:  30 84 00 00 00 28 02 01   0....(..
ldap_read: want=38, got=38
  0000:  01 61 84 00 00 00 1f 0a 01 34 04 00 04 18 6e 6f   .a.......4....no
  0010:  20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 61 76 61    connections ava
  0020:  69 6c 61 62 6c 65   ilable
ber_get_next: tag 0x30 len 40 contents:
ldap_find_request_by_msgid: msgid 1, lr 0x562310953bc0 lr->lr_refcnt = 1
read1msg: ld 0x56231090e7f0 msgid 1 message type bind
ber_scanf fmt ({eAA) ber:
read1msg: ld 0x56231090e7f0 0 new referrals
read1msg: mark request completed, ld 0x56231090e7f0 msgid 1
request done: ld 0x56231090e7f0 msgid 1
res_errno: 52, res_error: <no connections available>, res_matched: <>
ldap_return_request: lrx 0x562310953bc0, lr 0x562310953bc0
ldap_return_request: lrx->lr_msgid 1, lrx->lr_refcnt is now 0, lr is still present
ldap_free_request (origid 1, msgid 1)
ldap_free_request_int: lr 0x562310953bc0 msgid 1 removed
ldap_do_free_request: asked to free lr 0x562310953bc0 msgid 1 refcnt 0
ldap_parse_result
ber_scanf fmt ({iAA) ber:
ber_scanf fmt (}) ber:
ldap_msgfree
ldap_err2string
ldap_bind: Server is unavailable (52)
        additional info: no connections available
ldap_free_connection 1 1
ldap_send_unbind
ber_flush2: 7 bytes to sd 3
tls_write: want=29, written=29
  0000:  17 03 03 00 18 e8 81 d9 3d 8a 61 51 f0 8d 3d c8   ........=.aQ..=.
  0010:  93 9a c7 ef aa 3a 65 15 a5 d7 6f 97 66   .....:e...o.f
ldap_write: want=7, written=7
  0000:  30 05 02 01 02 42 00   0....B.
tls_write: want=24, written=24
  0000:  17 03 03 00 13 92 92 4f 5a b9 79 a9 b3 2b 3e 38   .......OZ.y..+>8
  0010:  53 a2 03 7f 8f cf 85 76   S......v
TLS trace: SSL3 alert write:warning:close notify
ldap_free_connection: actually freed
-------------
I first thought it could be some TLS problem, but as you see TLS is ok.
Now I checked what I see on both ldap-servers when restarting slapd, and I see nothing. So no connection is established for the proxy authentication on slapd start.
If I switch to slapd.conf it works fine on both ldap-servers.
-------------
Dez 04 14:27:20 provider02 slapd[501]: conn=1047 fd=21 ACCEPT from IP=192.168.56.24:59358 (IP=0.0.0.0:636)
Dez 04 14:27:20 provider02 slapd[501]: conn=1047 fd=21 TLS established tls_ssf=256 ssf=256 tls_proto=TLSv1.3 tls_cipher=TLS_AES_256_GCM_SHA384
Dez 04 14:27:20 provider02 slapd[501]: conn=1047 op=0 BIND dn="uid=lloadd,ou=users,dc=example,dc=net" method=128
Dez 04 14:27:20 provider02 slapd[501]: conn=1047 op=0 BIND dn="uid=lloadd,ou=users,dc=example,dc=net" mech=SIMPLE bind_ssf=0 ssf=256
-------------
There must be something wrong with the bind configuration.
Stefan
On 04.12.23 at 11:52, Ondřej Kuzník wrote:
On Mon, Dec 04, 2023 at 11:40:29AM +0100, Stefan Kania wrote:
Hi to all,
when I setup the loadbalancer lloadd via slapd.conf everything is working fine. Here my slapd.conf [...]
As soon as I change to cn=config with the following configuration: [...]
The slapd is starting and with "ss -tlpn" I see port 1636 and 1389 as listening (next to 636 and 389). I get the following error message when I try to connect to the ldap-server via the loadbalancer.
ldap_bind: Server is unavailable (52)
        additional info: no connections available
Did I miss something? I also tried to translate the working slapd.conf with slaptest, but the result is the same.
Hi Stefan,
the configurations certainly look equivalent, but no connections to provider1/2 are being established ("no connections available" to use). Can you see any errors in the logs that would show why that is?
Regards,
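
Added example (not part of the original e-mail thread): a small BER decoder run over the bytes from the two ldap_read dumps in the "-d 3" trace above. It shows that the reply the client received is a bindResponse with resultCode 52 and the same diagnostic text the loadbalancer logged. The function names and the lookup tables are this example's own.

```python
# Bytes copied from the two ldap_read dumps in the trace (8 + 38 bytes).
TRACE_HEX = (
    "30 84 00 00 00 28 02 01"
    " 01 61 84 00 00 00 1f 0a 01 34 04 00 04 18 6e 6f"
    " 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 61 76 61"
    " 69 6c 61 62 6c 65"
)
# Subset of RFC 4511 protocolOp tags and result codes, enough for this reply.
PROTOCOL_OPS = {0x61: "bindResponse", 0x65: "searchResDone", 0x78: "extendedResp"}
RESULT_CODES = {0: "success", 49: "invalidCredentials", 51: "busy",
                52: "unavailable", 53: "unwillingToPerform"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one definite-length BER element."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short form: length in one byte
        length = first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def decode_ldap_result(raw):
    """Decode an LDAPMessage whose protocolOp starts with an LDAPResult."""
    tag, body, _ = read_tlv(raw, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    tag, msgid, pos = read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("messageID is not an INTEGER")
    op_tag, op, _ = read_tlv(body, pos)
    tag, code, p = read_tlv(op, 0)
    if tag != 0x0A:
        raise ValueError("resultCode is not ENUMERATED")
    _, matched_dn, p = read_tlv(op, p)
    _, diagnostic, p = read_tlv(op, p)
    code = int.from_bytes(code, "big")
    return {"msgid": int.from_bytes(msgid, "big"),
            "op": PROTOCOL_OPS.get(op_tag, hex(op_tag)),
            "code": code, "name": RESULT_CODES.get(code, "other"),
            "matched_dn": matched_dn.decode(), "diagnostic": diagnostic.decode()}

if __name__ == "__main__":
    print(decode_ldap_result(bytes.fromhex(TRACE_HEX)))
```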