Hi Quanah,

It is ssh authentication of a ldap user when ldap server failover. Around that period there was about 6-8 concurrent ldap sessions from the same client.

Top command showed no process was hungry.

Could any reason made it delay so much? Could any special message from ldap server make client wait?

Regards,

Tai

From: Quanah Gibson-Mount <quanah@symas.com>
To: Huynh Phuoc Tai <fucai1116@yahoo.com>; openldap-technical@openldap.org
Sent: Thursday, 2 March 2017, 9:16
Subject: Re: Long ldap session when ldap server failover

--On Friday, February 24, 2017 7:27 AM +0000 Huynh Phuoc Tai
<fucai1116@yahoo.com> wrote:

>
>
> Hi,
>
>
> I have an issue with long ldap session when ldap server failover.

> [01/Dec/2016:11:40:01 +0100] conn=7187095 op=4 msgId=5 - UNBIND
> [01/Dec/2016:11:40:01 +0100] conn=7187095 op=4 msgId=-1 - closing from
> 10.14.97.45:55287 - U1 - Connection closed by unbind client -
> [01/Dec/2016:11:40:01 +0100] conn=7187095 op=-1 msgId=-1 - closed.
>
>
>
> The openldap client didn't send UNBIND soon but sent after several
> minutes. Could you suggest me any way forward to find the root cause?
> openldap2-client-2.4.26-0.62.2

Well, it shows that the LDAP client didn't unbind until after 5 minutes.
We have no idea *what* that client is, only you do. What is
"cn=ProxyUser,ou=proxyagent,ou=com,dc=jerarm,dc=roma,dc=te,dc=com"? Are you
sure it's an *openldap* client or is it something else?

--Quanah

--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>