On 04.12.23 at 16:19, Ondřej Kuzník wrote:
I know: Starting the loadbalancer service, the bind user (binddn=uid=lloadd,ou=users,dc=example,dc=net) will establish the connection to the ldap-server; the user who connects from a client will use these connections to "talk" to the ldap-server with its own credentials. I can follow this using slapd.conf.

I will say it again: lloadd does not open any connections in response to client activity, they are established as part of its operation and until you have at least one, requests will be rejected with 52 Unavailable.
Using cn=config (now with "conns" as loglevel) I see on the loadbalancer:
---------------
Dez 04 19:06:52 loadbalancer01 systemd[1]: Starting symas-openldap-server.service - Symas OpenLDAP Server Daemon...
Dez 04 19:06:52 loadbalancer01 slapd[2102]: @(#) $OpenLDAP: slapd 2.6.6 (Aug 8 2023 21:23:03) $
        openldap
Dez 04 19:06:52 loadbalancer01 slapd[2102]: slapd starting
Dez 04 19:06:52 loadbalancer01 slapd[2102]: daemon: added 4r listener=(nil)
Dez 04 19:06:52 loadbalancer01 slapd[2102]: daemon: added 7r listener=0x562b0de0d550
Dez 04 19:06:52 loadbalancer01 slapd[2102]: daemon: added 8r listener=0x562b0de0d640
Dez 04 19:06:52 loadbalancer01 slapd[2102]: daemon: added 9r listener=0x562b0de0d790
Dez 04 19:06:52 loadbalancer01 slapd[2102]: daemon: added 10r listener=0x562b0de0d970
Dez 04 19:06:52 loadbalancer01 slapd[2102]: daemon: added 11r listener=0x562b0de0da60
Dez 04 19:06:52 loadbalancer01 systemd[1]: Started symas-openldap-server.service - Symas OpenLDAP Server Daemon.
Dez 04 19:06:52 loadbalancer01 slapd[2102]: daemon: epoll: listen=7 active_threads=0 tvp=zero
Dez 04 19:06:52 loadbalancer01 slapd[2102]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Dez 04 19:06:52 loadbalancer01 slapd[2102]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Dez 04 19:06:52 loadbalancer01 slapd[2102]: daemon: epoll: listen=10 active_threads=0 tvp=zero
Dez 04 19:06:52 loadbalancer01 slapd[2102]: daemon: epoll: listen=11 active_threads=0 tvp=zero
Dez 04 19:06:52 loadbalancer01 slapd[2102]: daemon: activity on 1 descriptor
Dez 04 19:06:52 loadbalancer01 slapd[2102]: daemon: activity on:
Dez 04 19:06:52 loadbalancer01 slapd[2102]:
Dez 04 19:06:52 loadbalancer01 slapd[2102]: daemon: epoll: listen=7 active_threads=0 tvp=zero
Dez 04 19:06:52 loadbalancer01 slapd[2102]: daemon: epoll: listen=8 active_threads=0 tvp=zero
...
---------------
The last messages will repeat until I stop slapd. On the ldap-server (also "conns" as loglevel) I see nothing at all. If I look with "ss" on the loadbalancer I see:
---------------
root@loadbalancer01:~# ss -tln | tail -n +1
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:PortProcess
LISTEN  0       1024          0.0.0.0:1389       0.0.0.0:*
LISTEN  0       2048          0.0.0.0:389        0.0.0.0:*
LISTEN  0       128           0.0.0.0:22         0.0.0.0:*
LISTEN  0       1024          0.0.0.0:1636       0.0.0.0:*
LISTEN  0       2048          0.0.0.0:636        0.0.0.0:*
---------------
Then I tried to read the config with slapcat and I got:
---------------------
root@loadbalancer01:~# slapcat -n0
lload_open_listener: bind(3) failed errno=98 (Address already in use)
lload_open_listener: bind(3) failed errno=98 (Address already in use)
lload_open_listener: failed on ldap://:1389
olcBkLloadListen: value #0: could not open a listener for ldap://:1389
config error processing olcBackend={0}lload,cn=config: could not open a listener for ldap://:1389
slapcat: bad configuration file!
---------------------
But looking at my configuration I see:
---------
olcBkLloadListen: ldap://:1389
olcBkLloadListen: ldaps://:1636
---------
If I change the order of ldap and ldaps I get the same only with ldaps. If I remove one line I get the message with the remaining protocol.
Btw I get all the same errors when I convert the slapd.conf with slaptest and use the result to start the loadbalancer. So I can't find an error here.
At the moment I don't know where to look next.

Stefan

--
Stefan Kania
Landweg 13
25693 St. Michaelisdonn

Signing every e-mail helps reduce spam and protects your privacy. You can get a free certificate at https://www.dgn.de/dgncert/index.html
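
Added example, not part of the original message and not OpenLDAP code: a small Python check that correlates the `lload_open_listener: failed on ...` lines from the slapcat output with the `ss -tln` table, showing which lload listener ports were already in LISTEN state when bind(3) returned errno=98. The sample inputs are constructed from the output quoted above; the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Constructed samples, modelled on the output quoted in the message above.
SLAPCAT_STDERR = """\
lload_open_listener: bind(3) failed errno=98 (Address already in use)
lload_open_listener: failed on ldap://:1389
slapcat: bad configuration file!
"""
SS_TLN = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:PortProcess
LISTEN 0      1024         0.0.0.0:1389      0.0.0.0:*
LISTEN 0      2048         0.0.0.0:389       0.0.0.0:*
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      1024         0.0.0.0:1636      0.0.0.0:*
LISTEN 0      2048         0.0.0.0:636       0.0.0.0:*
"""
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}
FAILED_RE = re.compile(r"lload_open_listener: failed on (\S+)")

def listening_ports(ss_text):
    """Ports in LISTEN state, taken from the Local Address:Port column."""
    ports = set()
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[0] == "LISTEN":
            # rsplit keeps IPv6 forms such as [::]:389 working
            ports.add(int(fields[3].rsplit(":", 1)[1]))
    return ports

def uri_port(uri):
    """Port of a listener URI, falling back to the scheme default."""
    parts = urlsplit(uri)
    return parts.port or DEFAULT_PORTS[parts.scheme]

def failed_listeners(stderr_text, ss_text):
    """(uri, port, already_listening) for each listener the tool could not open."""
    bound = listening_ports(ss_text)
    return [(uri, uri_port(uri), uri_port(uri) in bound)
            for uri in FAILED_RE.findall(stderr_text)]

def conflicting(listen_uris, ss_text):
    """Configured listener URIs whose port is already in LISTEN state."""
    bound = listening_ports(ss_text)
    return [uri for uri in listen_uris if uri_port(uri) in bound]

if __name__ == "__main__":
    print(failed_listeners(SLAPCAT_STDERR, SS_TLN))
    print(conflicting(["ldap://:1389", "ldaps://:1636"], SS_TLN))
```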