OES 2018 SP1 - LDAP connections are dropped every 60 seconds

OES 2018 SP1 patched up-to-date 20/Apr/2019.

All of my external LDAP connections to eDirectory are dropped every 60 seconds. For example, on the Dovecot-based mail server:

Apr 19 17:43:10 venus dovecot: auth: Error: LDAP: Connection lost to LDAP server, reconnecting
Apr 19 17:44:10 venus dovecot: auth: Error: LDAP: Connection lost to LDAP server, reconnecting
Apr 19 17:45:10 venus dovecot: auth: Error: LDAP: Connection lost to LDAP server, reconnecting
Apr 19 17:53:10 venus dovecot: auth: Error: LDAP: Connection lost to LDAP server, reconnecting
Apr 19 17:54:10 venus dovecot: auth: Error: LDAP: Connection lost to LDAP server, reconnecting
Apr 19 17:55:10 venus dovecot: auth: Error: LDAP: Connection lost to LDAP server, reconnecting
Apr 19 18:13:10 venus dovecot: auth: Error: LDAP: Connection lost to LDAP server, reconnecting
Apr 19 18:14:10 venus dovecot: auth: Error: LDAP: Connection lost to LDAP server, reconnecting
Apr 19 18:15:10 venus dovecot: auth: Error: LDAP: Connection lost to LDAP server, reconnecting
Apr 19 18:16:10 venus dovecot: auth: Error: LDAP: Connection lost to LDAP server, reconnecting

Notice the gaps between
17:45:10 -> 17:53:10 and
17:55:10 -> 18:13:10

Concurrent Bind Limit: 0 (unlimited)
Idle Timeout: 0 (unlimited)

All connections are over an IPv6 LAN subnet. Now going to reproduce over IPv4...

Any ideas?
Thanks in advance.
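
Added example, not part of the original post: a small Python script that measures the pattern visible in the log excerpt above, namely the spacing between drops, the bursts they form, and the quiet windows between bursts. The function names are hypothetical and the year 2019 is assumed, since syslog timestamps carry no year.

```python
import re
from datetime import datetime

# The ten log lines from the post; syslog omits the year, so 2019 is assumed.
SAMPLE_LOG = """\
Apr 19 17:43:10 venus dovecot: auth: Error: LDAP: Connection lost to LDAP server, reconnecting
Apr 19 17:44:10 venus dovecot: auth: Error: LDAP: Connection lost to LDAP server, reconnecting
Apr 19 17:45:10 venus dovecot: auth: Error: LDAP: Connection lost to LDAP server, reconnecting
Apr 19 17:53:10 venus dovecot: auth: Error: LDAP: Connection lost to LDAP server, reconnecting
Apr 19 17:54:10 venus dovecot: auth: Error: LDAP: Connection lost to LDAP server, reconnecting
Apr 19 17:55:10 venus dovecot: auth: Error: LDAP: Connection lost to LDAP server, reconnecting
Apr 19 18:13:10 venus dovecot: auth: Error: LDAP: Connection lost to LDAP server, reconnecting
Apr 19 18:14:10 venus dovecot: auth: Error: LDAP: Connection lost to LDAP server, reconnecting
Apr 19 18:15:10 venus dovecot: auth: Error: LDAP: Connection lost to LDAP server, reconnecting
Apr 19 18:16:10 venus dovecot: auth: Error: LDAP: Connection lost to LDAP server, reconnecting
"""

LOST = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ dovecot: auth: Error: "
                  r"LDAP: Connection lost to LDAP server")

def drop_times(log_text, year=2019):
    """Return the sorted timestamps of every 'Connection lost' line."""
    times = []
    for line in log_text.splitlines():
        m = LOST.match(line.strip())
        if m:
            times.append(datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S"))
    return sorted(times)

def bursts(times, period=60, tolerance=2):
    """Group drops into runs whose consecutive members are ~period seconds apart."""
    runs = []
    for t in times:
        if runs and abs((t - runs[-1][-1]).total_seconds() - period) <= tolerance:
            runs[-1].append(t)
        else:
            runs.append([t])
    return runs

def summarize(log_text):
    """Report each burst (start, end, count), quiet minutes between bursts, and phase."""
    times = drop_times(log_text)
    runs = bursts(times)
    return {
        "bursts": [(r[0].strftime("%H:%M:%S"), r[-1].strftime("%H:%M:%S"), len(r)) for r in runs],
        "quiet_minutes": [int((b[0] - a[-1]).total_seconds() // 60) for a, b in zip(runs, runs[1:])],
        # A single value here means every drop fires on the same second of the minute.
        "second_of_minute": sorted({t.second for t in times}),
    }
```

Run against a full day of logs, the burst start times can be lined up with the LDAP server's own log to see what happens on the server at the start of each burst.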
  • Maybe a bug in Update 1? Problem started after installing Update 1?
  • davidkrotil;2498631 wrote:
    Maybe a bug in Update 1? Problem started after installing Update 1?


    I have no experience without SP1. It was an upgrade from OES 2015 SP1 to 2018 SP1.

    All we know is:
    - it's not LDAP-query specific (idle connections are dropped as well),
    - it's not timeout-specific (connections are dropped periodically, even after a new connection has just been established)
    - always occurs at 60-second intervals (11:03:14, 11:04:14, 11:05:14, etc.)
    - it's not IPv6 specific (connections over IPv4 are also dropped),
    - it's not user specific, all LDAP users experience the same problem,
    - it does not occur 0-24h, but occurs in intervals of a few minutes to a few hours. Probably it has something to do with server load - but there's very low load.
    - firewall is disabled completely.
  • Additional information:

    Only the master eDirectory server replica is affected. The R/W slave replica server works well. (Both of them have the same version and patchlevel)

    Partition Synchronization is OK. ndsrepair does not find any error.
  • On 25.04.2019 09:54, mauzi wrote:
    >
    > Additional information:
    >
    > Only the master eDirectory server replica is affected. The R/W slave
    > replica server works well. (Both of them have the same version and
    > patchlevel)
    >
    > Partition Synchronization is OK. ndsrepair does not find any error.
    >
    >

    Quite frankly: I doubt this issue comes from eDirectory, let alone your
    server. I strongly suspect a network issue.

    CU,
    --
    Massimo Rosen
    Micro Focus Knowledge Partner
    No emails please!
    http://www.cfc-it.de
  • mrosen;2498792 wrote:

    Quite frankly: I doubt this issue comes from eDirectory, let alone your
    server. I strongly suspect a network issue.


    - LDAP connections are dropped on the localhost via the loopback interface too,
    - NCP, CIFS, HTTP(S), SSH (etc.) connections on the same server are not affected,
    - This is a result of a software upgrade from OES 2015 SP1 to 2018 SP1.
  • Do you by chance have an idle timeout defined (iManager -> LDAP -> LDAP Options -> LDAP Server -> Connections)?
  • mathiasbraun;2498817 wrote:
    Do you by chance have an idle timeout defined (iManager -> LDAP -> LDAP Options -> LDAP Server -> Connections)?


    Please see my first post in the thread:
    | Concurrent Bind Limit: 0 (unlimited)
    | Idle Timeout: 0 (unlimited)

    and also:
    | - it's not timeout-specific (connections are dropped periodically, even after a new connection has just been established)

    Thanks.
  • Did you ever trace this? If possible with concurrent LDAP and network traces...
  • Yes. I'm busy trying to find the needle in the haystack.
  • On 25.04.2019 17:54, mauzi wrote:
    >
    > mathiasbraun;2498817 Wrote:
    >> Do you by chance have an idle timeout defined (iManager -> LDAP -> LDAP
    >> Options -> LDAP Server -> Connections)?

    >
    > Please see my first post in the thread:
    > | Concurrent Bind Limit: 0 (unlimited)
    > | Idle Timeout: 0 (unlimited)
    >
    > and also:
    > | - it's not timeout-specific (connections are dropped periodically, even
    > after a new connection has just been established)


    Now it sounds as if LDAP unloads/reloads itself. Nothing in the logs?

    CU,
    --
    Massimo Rosen
    Micro Focus Knowledge Partner
    No emails please!
    http://www.cfc-it.de