Jason, is there any ACK for that LDAP query TCP packet or is the server side even not confirming that packet? What are LDAP server logs saying? Does the LDAP query looks correctly?
Additionally, during login, some pam stack modules can do LDAP queries directly, not through nsswitch/nscd. Best regards, Milan Jason J. W. Williams píše v út 20. 09. 2011 v 13:37 -0600: > Hi Milan, > > Thank you for the explanation. I've been trying to track down a > Solaris LDAP client issue where the Solaris LDAP client roughly every > hour causes a single slow login over SSH that ultimately terminates > the SSH connection. Through packet captures it appears that when this > occurs the LDAP client connects to the server successfully, but when > it issues a query to interrogate either the user or group the query > TCP packet is retransmitted 10 times over 10 seconds. The NIC stats on > the client, server and switch show no errors, so we're a bit befuddled > as to what is causing this very specific packet loss. > > Oddly, if we convert the LDAP client config to use IP addresses > instead of hostnames to connect to the server the problem appears to > go away. DNS on the client resolves the server hostname correctly > during the outage, so the whole thing is pretty confusing. > > -J > > On Tue, Sep 20, 2011 at 1:07 PM, Milan Jurik <[email protected]> wrote: > > Hi Jason, > > > > nscd is connecting to LDAP servers directly to do queries. ldap_cachemgr > > keeps info about profile and LDAP servers status only by doing some > > anonymous queries, also it is used for some write operations in specific > > configs. > > > > Best regards, > > > > Milan > > > > Jason J. W. Williams píše v po 19. 09. 2011 v 17:52 -0600: > >> Architecturally speaking, does nscd communicate via ldap_cachemgr for > >> LDAP lookups or does nscd make the connection directly? > >> > >> -J > >> > >> On Mon, Sep 19, 2011 at 5:12 PM, Joshua M. Clulow <[email protected]> wrote: > >> > On 20 September 2011 05:02, Jason J. W. Williams > >> > <[email protected]> wrote: > >> >> Is there a way to get ldap_cachemgr to give more debugging info on > >> >> connection timeouts and where it's reconnecting to? > >> > > >> > You can interrogate the running cachemgr with: > >> > > >> > /usr/lib/ldap/ldap_cachemgr -g > >> > > >> > It also looks like ldap_cachemgr might accept a debug level flag (-d > >> > <number>) and a foreground flag (-f): > >> > > >> > > >> > http://src.illumos.org/source/xref/illumos-gate/usr/src/cmd/ldapcachemgr/cachemgr.c#365 > >> > > >> > Adding "-d 6" to the arguments for ldap_cachemgr might give you all > >> > possible debug logs: > >> > > >> > > >> > http://src.illumos.org/source/xref/illumos-gate/usr/src/lib/libsldap/common/ns_cache_door.h#174 > >> > > >> > > >> > > >> > Cheers. > >> > > >> > -- > >> > Joshua M. Clulow > >> > UNIX Admin/Developer > >> > http://blog.sysmgr.org > >> > > >> > > >> > ------------------------------------------- > >> > illumos-discuss > >> > Archives: https://www.listbox.com/member/archive/182180/=now > >> > RSS Feed: > >> > https://www.listbox.com/member/archive/rss/182180/21181056-a6eb2d37 > >> > Modify Your Subscription: https://www.listbox.com/member/?&; > >> > Powered by Listbox: http://www.listbox.com > >> > > >> > >> > >> ------------------------------------------- > >> illumos-discuss > >> Archives: https://www.listbox.com/member/archive/182180/=now > >> RSS Feed: > >> https://www.listbox.com/member/archive/rss/182180/21175687-799b1238 > >> Modify Your Subscription: https://www.listbox.com/member/?&; > >> Powered by Listbox: http://www.listbox.com > > > > > > > > > > ------------------------------------------- > > illumos-discuss > > Archives: https://www.listbox.com/member/archive/182180/=now > > RSS Feed: > > https://www.listbox.com/member/archive/rss/182180/21181056-a6eb2d37 > > Modify Your Subscription: https://www.listbox.com/member/?&; > > Powered by Listbox: http://www.listbox.com > > > > > ------------------------------------------- > illumos-discuss > Archives: https://www.listbox.com/member/archive/182180/=now > RSS Feed: https://www.listbox.com/member/archive/rss/182180/21175687-799b1238 > Modify Your Subscription: https://www.listbox.com/member/?&; > Powered by Listbox: http://www.listbox.com ------------------------------------------- illumos-discuss Archives: https://www.listbox.com/member/archive/182180/=now RSS Feed: https://www.listbox.com/member/archive/rss/182180/21175430-2e6923be Modify Your Subscription: https://www.listbox.com/member/?member_id=21175430&id_secret=21175430-6a77cda4 Powered by Listbox: http://www.listbox.com
