the build string 389-Directory/1.3.9.1 B2019.164.1418 corresponds to a RHEL-7.7 with RHDS-10.4 to verify: cat /etc/redhat-release; rpm -q redhat-ds 389-ds-base
the access and errors log snippets are showing a "normal" timeout after 10mn, when there is no activity, and they do not really provide more information. for the system entropy, check with cat /proc/sys/kernel/random/entropy_avail systemctl status rngd if for example, the system entropy is less than 1K, crypto operations may be extremely slow, and rngd should be running, like for example: mkdir -p /etc/systemd/system/rngd.service.d cat > /etc/systemd/system/rngd.service.d/entropy-source.conf << EOF [Service] ExecStart=/sbin/rngd -f -r /dev/urandom -o /dev/random EOF systemctl daemon-reload systemctl enable rngd systemctl start rngd systemctl status rngd cat /proc/sys/kernel/random/entropy_avail If the ns-slapd stops responding, try to set the attribute nsslapd-ioblocktimeout under cn=config to a smaller value, like for example, 15 seconds / 15000 ldapmodify -D "cn=directory manager" -W dn: cn=config changetype: modify replace: nsslapd-ioblocktimeout nsslapd-ioblocktimeout: 15000 <press enter twice, then control-D> Thanks, M. On Thu, Jan 2, 2020 at 11:28 AM Trevor Fong <tjf...@gmail.com> wrote: > Hi Steve, > > We see it happening with replication connections from other 389 DS servers > in the cluster (but because it is multi-master, other replications masters' > succeed, so its OK). > However, we also see it with other clients - they will initiate a > connection, but the connection will hang and the client will time it out. > > Thanks, > Trev > > On Thu, 2 Jan 2020 at 09:43, Vandenburgh, Steve Y < > steve.vandenbu...@centurylink.com> wrote: > >> Is it possible that that application is pro-actively creating LDAP >> connections that it does not use? This scenario might happen if the >> application is using connection pooling. >> >> >> -----Original Message----- >> From: Trevor Fong <tjf...@gmail.com> >> Sent: Thursday, January 2, 2020 10:16 AM >> To: 389-users@lists.fedoraproject.org >> Subject: [389-users] Re: Connections Opened but No BIND Received >> >> Happy New Year, everyone! >> >> Further to this, I added connection management loglevel to the errorlog >> level and managed to capture the output during one of the events when the >> connection seems to stall. Would anyone be able to help me make sense of >> it? >> >> Thanks a lot, >> Trevor Fong >> >> Access log: >> [02/Jan/2020:08:21:00.925703124 -0800] conn=258144 fd=263 slot=263 SSL >> connection from <cleint ip> to <host ip> >> [02/Jan/2020:08:21:00.934435506 -0800] conn=258144 TLS1.2 256-bit AES-GCM >> < expecting other transactions with conn=258144 but nothing happens until >> the following, when the connection is eventually timed out (600 sec) and >> broken by the client> >> [02/Jan/2020:08:31:01.024762657 -0800] conn=258144 op=-1 fd=263 closed - >> Encountered end of file. >> >> Error log: >> [02/Jan/2020:08:21:00.924588379 -0800] - DEBUG - connection_reset - new >> SSL connection on 263 >> [02/Jan/2020:08:21:00.927088611 -0800] - DEBUG - >> connection_table_dump_activity_to_errors_log - activity on 263r >> [02/Jan/2020:08:21:00.927961983 -0800] - DEBUG - handle_pr_read_ready - >> read activity on 263 >> [02/Jan/2020:08:21:00.932285653 -0800] - DEBUG - >> connection_read_operation - connection 258144 waited 1 times for read to be >> ready >> [02/Jan/2020:08:21:00.934724384 -0800] - DEBUG - >> connection_read_operation - connection 258144 waited 2 times for read to be >> ready >> [02/Jan/2020:08:21:01.035814543 -0800] - DEBUG - connection_threadmain - >> conn 258144 read not ready due to 4 - thread_turbo_flag 0 more_data 0 >> ops_initiated 1 refcnt 2 flags 17 >> [02/Jan/2020:08:21:01.036940723 -0800] - DEBUG - >> connection_check_activity_level - conn 258144 activity level = 0 >> [02/Jan/2020:08:21:01.037824240 -0800] - DEBUG - connection_threadmain - >> conn 258144 leaving turbo mode due to 4 >> [02/Jan/2020:08:21:01.038667951 -0800] - DEBUG - connection_threadmain - >> conn 258144 check more_data 0 thread_turbo_flag 0repl_conn_bef 0, >> repl_conn_now 0 >> [02/Jan/2020:08:21:01.039407337 -0800] - DEBUG - >> connection_make_readable_nolock - making readable conn 258144 fd=263 … >> [02/Jan/2020:08:31:01.018473459 -0800] - DEBUG - >> connection_table_dump_activity_to_errors_log - activity on 263r >> [02/Jan/2020:08:31:01.020162681 -0800] - DEBUG - handle_pr_read_ready - >> read activity on 263 >> [02/Jan/2020:08:31:01.021136264 -0800] - DEBUG - >> connection_read_operation - PR_Recv for connection 258144 returns -5938 >> (Encountered end of file.) >> [02/Jan/2020:08:31:01.022435629 -0800] - DEBUG - >> disconnect_server_nomutex_ext - Setting conn 258144 fd=263 to be >> disconnected: reason -5938 >> [02/Jan/2020:08:31:01.024785254 -0800] - DEBUG - connection_threadmain - >> conn 258144 read not ready due to 3 - thread_turbo_flag 0 more_data 0 >> ops_initiated 2 refcnt 2 flags 19 >> [02/Jan/2020:08:31:01.026135420 -0800] - DEBUG - >> connection_check_activity_level - conn 258144 activity level = 1 >> [02/Jan/2020:08:31:01.027294400 -0800] - DEBUG - >> connection_enter_leave_turbo - conn 258144 turbo rank = 41 out of 841 conns >> [02/Jan/2020:08:31:01.028297819 -0800] - DEBUG - connection_threadmain - >> conn 258144 leaving turbo mode due to 3 >> [02/Jan/2020:08:31:01.029284720 -0800] - DEBUG - connection_threadmain - >> conn 258144 check more_data 0 thread_turbo_flag 0repl_conn_bef 0, >> repl_conn_now 0 >> [02/Jan/2020:08:31:01.034004014 -0800] - DEBUG - >> connection_make_readable_nolock - making readable conn 258144 fd=263 >> [02/Jan/2020:08:31:01.036209375 -0800] - DEBUG - clear_signal - Listener >> got signaled >> [02/Jan/2020:08:31:01.037395981 -0800] - DEBUG - >> connection_table_move_connection_out_of_active_list - Moved conn 263 out of >> active list and freed _______________________________________________ >> 389-users mailing list -- 389-users@lists.fedoraproject.org To >> unsubscribe send an email to 389-users-le...@lists.fedoraproject.org >> Fedora Code of Conduct: >> https://imss91-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2fdocs.fedoraproject.org%2fen%2dUS%2fproject%2fcode%2dof%2dconduct%2f&umid=88AB2F95-9B2B-5C05-B075-850F03556B65&auth=19120be9529b25014b618505cb01789c5433dae7-3f23a383f700f424db40deaf4d8822c2daf248e2 >> List Guidelines: >> https://imss91-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2ffedoraproject.org%2fwiki%2fMailing%5flist%5fguidelines&umid=88AB2F95-9B2B-5C05-B075-850F03556B65&auth=19120be9529b25014b618505cb01789c5433dae7-919003d7bec2b6ef54d727a57d7573e5ffdfb07c >> List Archives: >> https://imss91-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2flists.fedoraproject.org%2farchives%2flist%2f389%2dusers%40lists.fedoraproject.org&umid=88AB2F95-9B2B-5C05-B075-850F03556B65&auth=19120be9529b25014b618505cb01789c5433dae7-9795ae6e50df8fdd7c82d450133e130fc3c3eeb4 >> This communication is the property of CenturyLink and may contain >> confidential or privileged information. Unauthorized use of this >> communication is strictly prohibited and may be unlawful. If you have >> received this communication in error, please immediately notify the sender >> by reply e-mail and destroy all copies of the communication and any >> attachments. >> _______________________________________________ >> 389-users mailing list -- 389-users@lists.fedoraproject.org >> To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org >> Fedora Code of Conduct: >> https://docs.fedoraproject.org/en-US/project/code-of-conduct/ >> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >> List Archives: >> https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org >> > _______________________________________________ > 389-users mailing list -- 389-users@lists.fedoraproject.org > To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org >
_______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
