mauzi Absent Member.
Absent Member.
825 views

OES 2018 SP1 - LDAP connections are dropped every 60 seconds

OES 2018 SP1 patched up-to-date 20/Apr/2019.

All of my external LDAP connections to eDirectory are dropped every 60 seconds. For example, on the Dovecot based mail server:

Apr 19 17:43:10 venus dovecot: auth: Error: LDAP: Connection lost to LDAP server, reconnecting
Apr 19 17:44:10 venus dovecot: auth: Error: LDAP: Connection lost to LDAP server, reconnecting
Apr 19 17:45:10 venus dovecot: auth: Error: LDAP: Connection lost to LDAP server, reconnecting
Apr 19 17:53:10 venus dovecot: auth: Error: LDAP: Connection lost to LDAP server, reconnecting
Apr 19 17:54:10 venus dovecot: auth: Error: LDAP: Connection lost to LDAP server, reconnecting
Apr 19 17:55:10 venus dovecot: auth: Error: LDAP: Connection lost to LDAP server, reconnecting
Apr 19 18:13:10 venus dovecot: auth: Error: LDAP: Connection lost to LDAP server, reconnecting
Apr 19 18:14:10 venus dovecot: auth: Error: LDAP: Connection lost to LDAP server, reconnecting
Apr 19 18:15:10 venus dovecot: auth: Error: LDAP: Connection lost to LDAP server, reconnecting
Apr 19 18:16:10 venus dovecot: auth: Error: LDAP: Connection lost to LDAP server, reconnecting

Notice the gaps between
17:45:10 -> 17.53:10 and
17:55:10 -> 18:13:10

Concurrent Bind Limit: 0 (unlimited)
Idle Timeout: 0 (unlimited)

All connections are over IPv6 LAN subnet. Now going to reproduce over IPv4...

Any ideas?
Thanks in advance.
Labels (2)
0 Likes
12 Replies
Highlighted
davidkrotil Super Contributor.
Super Contributor.

Re: OES 2018 SP1 - LDAP connections are dropped every 60 sec

Maybe bug in Update 1 ? Problem started after installing Update 1 ?
0 Likes
mauzi Absent Member.
Absent Member.

Re: OES 2018 SP1 - LDAP connections are dropped every 60 sec

davidkrotil;2498631 wrote:
Maybe bug in Update 1 ? Problem started after installing Update 1 ?


I have no experience without SP1. It was an upgrade from OES 2015 SP1 to 2018 SP1.

All what we know is:
- it's not LDAP-query specific (idle connections are dropped as well),
- it's not timeout-specific (connection are dropped periodically, even after new connection has just established)
- always occurs at 60 seconds interval (11:03:14, 11:04:14, 11:05:14, etc.)
- it's not IPv6 specific (connections over IPv4 are also dropped),
- it's not user specific, all LDAP users experience the same problem,
- it does not occur in 0-24h, but occurs in few minutes to few hours intervals. Probably it has something to do with server load - but there's very low load.
- firewall is disabled completely.
0 Likes
mauzi Absent Member.
Absent Member.

Re: OES 2018 SP1 - LDAP connections are dropped every 60 sec

Additional information:

Only the master eDirectory server replica is affected. The R/W slave replica server works well. (Both of them have the same version and patchlevel)

Partition Synchronization is OK. ndsrepair does not find any error.
0 Likes
Knowledge Partner
Knowledge Partner

Re: OES 2018 SP1 - LDAP connections are dropped every 60 seconds

On 25.04.2019 09:54, mauzi wrote:
>
> Additional information:
>
> Only the master eDirectory server replica is affected. The R/W slave
> replica server works well. (Both of them have the same version and
> patchlevel)
>
> Partition Synchronization is OK. ndsrepair does not find any error.
>
>

Quite frankly: I doubt this issue come from edirectory, let alone your
server. I strongly suspect a network issue.

CU,
--
Massimo Rosen
Micro Focus Knowledge Partner
No emails please!
http://www.cfc-it.de
CU,
--
Massimo Rosen
Micro Focus Knowledge Partner
No emails please!
http://www.cfc-it.de
0 Likes
mauzi Absent Member.
Absent Member.

Re: OES 2018 SP1 - LDAP connections are dropped every 60 sec

mrosen;2498792 wrote:

Quite frankly: I doubt this issue come from edirectory, let alone your
server. I strongly suspect a network issue.


- LDAP connections are dropped on the localhost via the loopback interface too,
- NCP, CIFS, HTTP(S), SSH (etc.) connections on the same server are not affected,
- This is a result of a software upgrade from OES 2015 SP1 to 2018 SP1.
0 Likes
Knowledge Partner
Knowledge Partner

Re: OES 2018 SP1 - LDAP connections are dropped every 60 sec

Do you by chance have an idle timeout defined (iManager -> LDAP -> LDAP Options -> LDAP Server -> Connections)?
0 Likes
mauzi Absent Member.
Absent Member.

Re: OES 2018 SP1 - LDAP connections are dropped every 60 sec

mathiasbraun;2498817 wrote:
Do you by chance have an idle timeout defined (iManager -> LDAP -> LDAP Options -> LDAP Server -> Connections)?


Please see my first post in thread:
| Concurrent Bind Limit: 0 (unlimited)
| Idle Timeout: 0 (unlimited)

and also:
| - it's not timeout-specific (connection are dropped periodically, even after new connection has just established)

Thanks.
0 Likes
Knowledge Partner
Knowledge Partner

Re: OES 2018 SP1 - LDAP connections are dropped every 60 sec

Did you ever trace this? If possible with concurrent LDAP and network traces...
0 Likes
mauzi Absent Member.
Absent Member.

Re: OES 2018 SP1 - LDAP connections are dropped every 60 sec

Yes. I'm busy trying to find the needle in the haystack.
0 Likes
Knowledge Partner
Knowledge Partner

Re: OES 2018 SP1 - LDAP connections are dropped every 60 seconds

On 25.04.2019 17:54, mauzi wrote:
>
> mathiasbraun;2498817 Wrote:
>> Do you by chance have an idle timeout defined (iManager -> LDAP -> LDAP
>> Options -> LDAP Server -> Connections)?

>
> Please see my first post in thread:
> | Concurrent Bind Limit: 0 (unlimited)
> | Idle Timeout: 0 (unlimited)
>
> and also:
> | - it's not timeout-specific (connection are dropped periodically, even
> after new connection has just established)


Now it sounds as if LDAP unloads/reloads itself. Nothing in the logs?

CU,
--
Massimo Rosen
Micro Focus Knowledge Partner
No emails please!
http://www.cfc-it.de
CU,
--
Massimo Rosen
Micro Focus Knowledge Partner
No emails please!
http://www.cfc-it.de
0 Likes
mauzi Absent Member.
Absent Member.

Re: OES 2018 SP1 - LDAP connections are dropped every 60 sec

I wrote a simple test program that does ldap_search() calls in endless loop with 1 second delay in between. This should run practically forever with no timeout.

The program runs as expected, but then it exits suddenly. NDSTRACE output shows an unbind on server side:

2644252416 LDAP: DEBUG: DoSearch on connection 0xfbd1110
2644252416 LDAP: DEBUG: Search request:
base: "o=SomeContext"
scope:2 dereference:0 sizelimit:0 timelimit:0 attrsonly:0
filter: "(cn=username)"
attribute: "mailQuotaStorage"
2644252416 LDAP: DEBUG: Sending search result entry "cn=username,o=SomeContext" to connection 0xfbd1110
2644252416 LDAP: INFO: Sending operation result 0:"":"" to connection 0xfbd1110
2630670080 LDAP: DEBUG: DoUnbind on connection 0xfbd1110
2630670080 LDAP: INFO: Connection 0xfbd1110 closed

Notice that this always occurs at the same second, eg. 11:39:24, 11:40:24, 11:41:24, etc.
What the hell triggers the unbind call and why?
0 Likes
Knowledge Partner
Knowledge Partner

Re: OES 2018 SP1 - LDAP connections are dropped every 60 seconds

On 25.04.2019 23:44, mauzi wrote:
>
> I wrote a simple test program that does ldap_search() calls in endless
> loop with 1 second delay in between. This should run practically forever
> with no timeout.
>
> The program runs as expected, but then it exits suddenly. NDSTRACE
> output shows an unbind on server side:
>
> 2644252416 LDAP: DEBUG: DoSearch on connection 0xfbd1110
> 2644252416 LDAP: DEBUG: Search request:
> base: "o=SomeContext"
> scope:2 dereference:0 sizelimit:0 timelimit:0 attrsonly:0
> filter: "(cn=username)"
> attribute: "mailQuotaStorage"
> 2644252416 LDAP: DEBUG: Sending search result entry
> "cn=username,o=SomeContext" to connection 0xfbd1110
> 2644252416 LDAP: INFO: Sending operation result 0:"":"" to connection
> 0xfbd1110
> 2630670080 LDAP: DEBUG: DoUnbind on connection 0xfbd1110
> 2630670080 LDAP: INFO: Connection 0xfbd1110 closed
>
> Notice that this always occurs at the same second, eg. 11:39:24,
> 11:40:24, 11:41:24, etc.
> What the hell triggers the unbind call and why?
>
>

May sound odd, but a cron job every minute doing NLDAP -U / NLDAP -L? 😉

--
Massimo Rosen
Micro Focus Knowledge Partner
No emails please!
http://www.cfc-it.de
CU,
--
Massimo Rosen
Micro Focus Knowledge Partner
No emails please!
http://www.cfc-it.de
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.