On Thu, 2006-02-16 at 16:26 -0500, Aaron Richton wrote: > Sometimes, a copy of slapd running back-ldap and glue appears hung from a > user's persepctive. Sooner or later, I get in the log: > > conn=89 op=2 ldap_back_retry: retrying URI="ldap://ldap.nbcs.rutgers.edu"; > DN="" > > and then things work again. I'm guessing that there's some sort of network > timeout. conn=89 op=1 was at 16:10:13, the retry message was 16:13:43, and > things looked bad from a user perspective for that 3:30. > > I'm guessing that setting idle-timeout won't help because the connection > isn't idle, and the man page says that with the timeout keyword, "only > write operations are addressed." Is there any way to bring down the > "I give up and am going to retry" interval? > > > note, if this sounds like a bug rather than a configurable, I have gcore > from 16:11 available. But I think I just need a more aggressive > back-ldap...
This message means that ldap_back_retry() was invoked. This occurs when an existing connection appears broken while performing an operation. The "timeout" parameter affects all operations but searches. Searches are affected by the server-enforced or the client requested timelimit in a much similar manner. The point is that in any case that timeout/timelimit is passed to ldap_result(), so if the hanging is related to some tcp/ip issue, there's no guarantee that select/poll/epoll honors it. This might be what's occurring to you. You might force your connections to refresh often by using idle-timeout (invalidate a connection if it's been idle for more than some ttl) or conn-ttl (invalidate connections after some ttl; HEAD only: merging it in 2.3 right now). p. Ing. Pierangelo Masarati Responsabile Open Solution OpenLDAP Core Team SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: [EMAIL PROTECTED] ------------------------------------------
