are the LDAP clients always the same? or is it more like an LDAP server does not accept TLS or SSL connections at all? could it be a temporary situation while some large searches are processed? are there load balancers in between? check for LDAP server descriptors and system entropy. check for nsslapd-enable-nunc-stans: off ldapsearch -D "cn=directory manager" -W -b cn=config -s base nsslapd-enable-nunc-stans may be take a pstack Thanks, M.
On Mon, Dec 23, 2019 at 3:08 PM Trevor Fong <tjf...@gmail.com> wrote: > Hi Everyone, > > We're running a cluster of VM's running 389-Directory/1.3.9.1 > B2019.164.1418 on RHEL7.7. > Some are providers, which replicate to a bunch of hubs (which provide > authentication services), which replicate in turn to a bunch of consumers > (which provide support for longer running queries). > Of late, we've a few clients have noted timed out connections. > When we look in our logs we see things like: > > [23/Dec/2019:00:21:50.760643645 -0800] conn=7827580 fd=469 slot=469 SSL > connection from <their IP> to <our IP> > [23/Dec/2019:00:21:50.764149645 -0800] conn=7827580 TLS1.2 256-bit AES-GCM > <no other transactions on conn=7827580, until the client times out the > connection> > [23/Dec/2019:00:22:05.763868515 -0800] conn=7827580 op=-1 fd=469 closed - > Encountered end of file. > > Others connections are made and operate just fine between the opening and > closing of the timed-out connection. > > Would anyone know what this could be/what we could check? > > Thanks, > Trev > _______________________________________________ > 389-users mailing list -- 389-users@lists.fedoraproject.org > To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org >
_______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
