Apologies if this is a duplicate post. I never saw it on the list
and it's not in the list archive at openldap.org.
-------------------------------------------------------------
I have an interesting problem and before I go over to the Microsoft
Active Directory groups I want to eliminate OpenLDAP as the culprit.
I have Postfix configured to verify recipients in Active Directory
using OpenLDAP (Postfix and OpenLDAP running on Fedora Core 2). 99.5%
of the time, the Active Directory server responds to LDAP Search
Requests within 1 millisecond (based on an Ethereal trace).
Every once in a while, the response takes 60-70 seconds. What I see
in the Ethereal trace then is a series of TCP-level retransmissions
followed by an LDAP "Abandon Request" packet. This is followed by
two more TCP-level retransmissions of the search request. Fifteen
seconds after the LDAP "Abandon Request", the client receives a TCP
ACK packet for the Abandon, followed immediately by the response
(with ACK) to the original Search Request. The client (OpenLDAP)
then RSTs the connection. Postfix treats all this as a "temporary
lookup failure". The symptoms point to something causing a long
delay in packet transmission (without actual packet loss) since the
retransmission is happening in the TCP layer and the A/D server
eventually responds to the original Search Request.
Questions:
1) Has anyone seen this behavior?