Hi,
We are using openldap version 2.0.27 on RHEL AS 3 with Postfix 2.2.10
In postfix logs, I have seen the following warning message:
warning: dict_ldap_connect: Unable to bind to server ldap://127.0.0.1:389 as <dn>: 85 (Timed out)
The default timeout is set as 10 seconds.
How do I monitor my ldap server? I would like to know the active connection counts on my ldap server.
Rgds,
Santosh
On Thu, Nov 29, 2012 at 12:16:17PM +0530, santosh malavade wrote:
> We are using openldap version 2.0.27 on RHEL AS 3 with Postfix 2.2.10

2.0.27 was released in 2002 - that's 10 years ago. It was the final release in the 2.0 line, and by that time 2.1 versions were considered stable and were recommended for general use. The 2.0 line had many problems that have since been fixed. One of those was a lack of monitoring facilities.

> How do I monitor my ldap server? I would like to know the active connection counts on my ldap server.
While I appreciate that people who choose 'enterprise' Linux distros are looking for stability above all else, there is a cost. Part of that cost is working with software that is 10 years out of date: you just have to put up with what it cannot do or get on and replace it. On this mailing list you will find that the prevailing advice is 'stay up to date' so that you can benefit from current development work. You will not get much help even for 2.3.x versions.
Having said that, you can of course use other tools to monitor processes on Linux. In this case, 'netstat' will give you a list of connections, and 'lsof' (if you have it) can give you more details about connections to a specific process. Those are both diagnostic tools rather than routine monitoring tools. If you want to *monitor* connections then your only hope is that you have a usable SNMP agent on that machine.
On Thu, Nov 29, 2012 at 11:05:16AM +0100, Marc Patermann wrote:
> Don't touch things you see in a museum! ;)

Exactly. I suggest you urgently start a project to replace your obsolete software. RHEL 3 reached 'end of regular life cycle' two years ago. In the meantime, make sure to take regular backups as LDIF text files so that when 2.0.27 breaks down completely you have a usable copy of your data!
Andrew
Yes, I understand what you are trying to say.
However, I am currently entrusted with this task.
Pls. provide assistance, if possible.
I believe the timeout is happening due to large no. of connections / large no. of operations against the ldap server.
Rgds,
Santosh
Date: Thu, 29 Nov 2012 11:05:16 +0100
From: hans.moser@ofd-z.niedersachsen.de
To: santoshmalavade@outlook.com
Subject: Re: monitoring openldap 2.0.27 connections
CC: openldap-technical@openldap.org
santosh malavade schrieb (29.11.2012 07:46 Uhr):
> We are using openldap version 2.0.27 on RHEL AS 3 with Postfix 2.2.10
Don't touch things you see in a museum! ;)
Marc
On 11/29/12 12:16 +0530, santosh malavade wrote:
> We are using openldap version 2.0.27 on RHEL AS 3 with Postfix 2.2.10
> In postfix logs, I have seen the following warning message:
> warning: dict_ldap_connect: Unable to bind to server ldap://127.0.0.1:389 as <dn>: 85 (Timed out)
> The default timeout is set as 10 seconds.
> How do I monitor my ldap server? I would like to know the active connection counts on my ldap server.
You can use ldapsearch to verify your server is responding, and postmap to verify that postfix can query it.
Consider installing a newer version of slapd on another server, and pointing your postfix config at it.
On 11/29/12 17:08 +0530, santosh malavade wrote:
> I believe the timeout is happening due to large no. of connections / large no. of operations against the ldap server.
As was already mentioned, use netstat to find out if that's the case. If you're getting ldap connections from external sources, and you don't need to allow external connections, you can run slapd on a unix domain socket 'ldapi:///', or use iptables to firewall off port 389 (and 636 if using ldaps).
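The netstat check suggested in this thread, as an added example that is not part of any poster's message: it counts TCP connections to the LDAP port by state and by peer from `netstat -tn` output. The function names and the sample netstat lines are constructed for illustration; only the server side (local port 389) is counted, so loopback clients such as Postfix are not counted twice.

```shell
#!/bin/sh
# Summarise connections to slapd from `netstat -tn` output read on stdin.
# Usage on the LDAP host (assumed invocation): netstat -tn | ldap_conn_summary 389
ldap_conn_summary() {
    port="${1:-389}"
    awk -v port="$port" '
        $1 ~ /^tcp/ {
            n = split($4, l, ":")            # local address; last piece is the port
            if (l[n] != port) next           # skip client-side and unrelated sockets
            state[$6]++                      # tally per TCP state
            if ($6 == "ESTABLISHED") {
                m = split($5, r, ":")        # foreign address without its port
                peer = substr($5, 1, length($5) - length(r[m]) - 1)
                peers[peer]++
            }
        }
        END {
            for (s in state) print s, state[s]
            for (p in peers) print "peer", p, peers[p]
        }' | LC_ALL=C sort
}

# Constructed sample output, not captured from a real server.
# Loopback connections appear twice: once per end of the socket pair.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:389           127.0.0.1:41234         ESTABLISHED
tcp        0      0 127.0.0.1:41234         127.0.0.1:389           ESTABLISHED
tcp        0      0 127.0.0.1:389           127.0.0.1:41240         ESTABLISHED
tcp        0      0 127.0.0.1:41240         127.0.0.1:389           ESTABLISHED
tcp        0      0 192.0.2.5:389           192.0.2.10:52011        ESTABLISHED
tcp        0      0 127.0.0.1:389           127.0.0.1:41100         TIME_WAIT
tcp        0      0 127.0.0.1:389           127.0.0.1:41101         TIME_WAIT
tcp        0      0 192.0.2.5:25            198.51.100.7:33210      ESTABLISHED
EOF
}

sample_netstat | ldap_conn_summary 389
```

A non-loopback peer in the output shows that port 389 is reachable from outside the host, which is the case the ldapi:/// and iptables advice above addresses.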
On 11/29/2012 07:46 AM, santosh malavade wrote:
> Hi,
> We are using openldap version 2.0.27 on RHEL AS 3 with Postfix 2.2.10
Hello Santosh,
Your setup is *very old* and I strongly advise you to update.
If you still insist on getting any kind of support with your setup, good luck with getting it.
Regards,
openldap-technical@openldap.org