Hi Quanah, It is ssh authentication of a ldap user when ldap server failover. Around that period there was about 6-8 concurrent ldap sessions from the same client. Top command showed no process was hungry. Could any reason made it delay so much? Could any special message from ldap server make client wait? Regards,Tai

From: Quanah Gibson-Mount quanah@symas.com To: Huynh Phuoc Tai fucai1116@yahoo.com; openldap-technical@openldap.org Sent: Thursday, 2 March 2017, 9:16 Subject: Re: Long ldap session when ldap server failover

--On Friday, February 24, 2017 7:27 AM +0000 Huynh Phuoc Tai fucai1116@yahoo.com wrote:

Hi,

I have an issue with long ldap session when ldap server failover.

[01/Dec/2016:11:40:01 +0100] conn=7187095 op=4 msgId=5 - UNBIND [01/Dec/2016:11:40:01 +0100] conn=7187095 op=4 msgId=-1 - closing from 10.14.97.45:55287 - U1 - Connection closed by unbind client - [01/Dec/2016:11:40:01 +0100] conn=7187095 op=-1 msgId=-1 - closed.

The openldap client didn't send UNBIND soon but sent after several minutes. Could you suggest me any way forward to find the root cause? openldap2-client-2.4.26-0.62.2

Well, it shows that the LDAP client didn't unbind until after 5 minutes. We have no idea *what* that client is, only you do.  What is "cn=ProxyUser,ou=proxyagent,ou=com,dc=jerarm,dc=roma,dc=te,dc=com"? Are you sure it's an *openldap* client or is it something else?

--Quanah

--

Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com