On Wed, 2002-04-17 at 11:36, John Green wrote: > Just my two cents worth... > I recently set up an LDAP server w/Kerberos/SASL authentication. I am using > RH72. It worked nicely with the 2.0.11 rpms, but when I attempted the exact > same install with the 2.0.21 rpms it failed every time, no communication via > SASL to Kerberos. I had originally thought it was incompatibility with newer > LDAP/older SASL, but since then I've heard numerous stories about RH's > 2.0.21 rpm not working for various reasons. I would probably place the blame > on that, rather than the LDAP version itself. If you want to use rpms (as I > did) I would recommend using the older version (also as I did). Our problems are not with the kerberos interaction. Kerberos has been working fine for months, and has been communicating with OpenLDAP just fine. This problem I'm having is not just with 2.0.21. I've had it for the last 2 or 3 redhat OpenLDAP releases including 2.0.16, 2.0.18 and 2.0.21. So it's not kerberos. It's definitely in OpenLDAP, or maybe there's some data corruption going on or something. I'm thinking it may have to do with resource allocation. Maybe there's not enough threads or maximum allowable connections. The older version had significant problems on our system, including core-dumps. Never did figure that one out. But for the record, OpenLDAP 2.0.21 works fine with SASL and Kerbers as shipped by RedHat, other than this major problem which I have had with several versions of openldap. Michael > > > -----Original Message----- > > From: owner-openldap-software@OpenLDAP.org > > [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of > > Michael Torrie > > Sent: Wednesday, April 17, 2002 10:15 AM > > To: Adam Williams > > Cc: OpenLDAP Mailling List > > Subject: Re: broken pipe - serious problem with OpenLDAP 2.0.21 > > > > > > On Wed, 2002-04-17 at 09:42, Adam Williams wrote: > > > What is your platform/OS? > > > > RedHat Linux 7.2, stock stuff, with RedHat's OpenLDAP rpms. > > > > > > > > If Linux have you increased the number of available file > > handles, etc... > > > > Yes. File handles are at max. > > > > > > > > > > > Is your OpenLDAP threaded? > > > > Yes. Can it handle the load of 400 client machines in non-threaded > > mode? > > > > Michael > > > > > > > > > > >commands on the clients just return "broken pipe." This > > is a serious > > > >problem and it's causing a lot of problems, especially > > with our mail > > > >server. Users are getting bumped from mailing lists because these > > > >periodic outages cause sendmail to report "Unknown users." > > > >Has anyone experienced this? Is it just that OpenLDAP > > doesn't scale? > > > >We only support about 4000 users on one server. I'd turn > > on debugging > > > >but I don't know what level would be appropriate. Too > > much debugging > > > >output slows OpenLDAP way down and the users notice very > > slow logins. > > -- > > Public key available from http://students.cs.byu.edu/~torriem > > > > -- Public key available from http://students.cs.byu.edu/~torriem
Attachment:
signature.asc
Description: This is a digitally signed message part