Hello,

I have found some weird messages in my syslog since I set up openldap and switched my users from local passwd/shadow to openldap. I have two notebooks using sssd, and the openldap server is configured with pam_ldap/nss_ldap authentication. I didn't have any problems, but I'm unsure why those messages are logged, so I decided to ask this on the list.

Those are the messages in question:

Mar 22 20:10:01 foobarsrv1 slapd[16923]: connection_input: conn=12652 deferring operation: binding
Mar 22 15:36:33 foobarsrv1 slapd[16923]: connection_read(29): no connection!
Mar 22 15:37:36 foobarsrv1 slapd[16923]: conn=10375 op=6 ABANDON msg=6
Mar 15 09:00:59 foobarsrv1 slapd[28731]: connection_input: conn=16081 deferring operation: too many executing
Mar 12 18:33:54 foobarsrv1 slapd[699]: slap_global_control: unrecognized control: 1.3.6.1.4.1.42.2.27.8.5.1

I have tried to find a solution or reason for this for two weeks or so, but I couldn't find the answer/solution.

Regarding the "deferring operation: binding" message I'm just concerned, because there is absolutely no load on the system and I'm not sure what would happen if I had more than 3 clients (including the server) which use ldap. I already tried to match those messages with other things going on on the system, but I could get any match. Currently I get the "deferring operation: binding" anything between 2 and 10 times a day.

I know that this may be more than one issue, but I hope that you are willing to help me solve this.

This is my slapd.conf:

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/samba.schema

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

security tls=1 simple_bind=128

access to dn.base=""
    by * read
access to dn.base="cn=Subschema"
    by * read
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none
access to *
    by self write
    by * read
access to *
    by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
    by * none

TLSCipherSuite HIGH:MEDIUM:-SSLv2:-SSLv3
TLSCertificateFile /etc/openldap/ssl/slapdcert.pem
TLSCertificateKeyFile /etc/openldap/ssl/slapdkey.pem

database hdb
suffix "dc=foobar,dc=local"
checkpoint 32 30
rootdn "cn=Manager,dc=foobar,dc=local"
rootpw {SSHA}XXXX
directory /var/lib/openldap-data
index objectClass eq
index uid pres,eq
index memberUid pres,eq
index uidNumber pres,eq
index gidNumber pres,eq
index uniqueMember pres,eq
index sambaSID pres,eq
index mail pres,sub,eq
index cn pres,sub,eq
index sn pres,sub,eq
index dc eq

database config

My /etc/ldap.conf:

host 127.0.0.1
base dc=foobar,dc=local
uri ldap://localhost/
ldap_version 3
scope one
bind_policy soft
idle_timelimit 3600
pam_filter objectclass=posixAccount
pam_member_attribute memberuid
pam_min_uid 1000
pam_password exop
nss_base_passwd ou=People,dc=foobar,dc=local?one
nss_base_shadow ou=People,dc=foobar,dc=local?one
nss_base_group ou=Groups,dc=foobar,dc=local?one
nss_base_hosts ou=Hosts,dc=foobar,dc=local?one
ssl start_tls
nss_initgroups_ignoreusers root,bin,daemon,adm,lp,sync,shutdown,halt,news,uucp,operator,portage,nobody,man,sshd,cron,mail,postmaster,ldap,mysql,mediatomb,dovecot,dovenull,apache,openvpn,clamav,bacula,asterisk,ntp

The openldap server is an up-to-date Gentoo system.

If you need more information just let me know.

Kind regards,
Timo

-- 
Timo Eissler
Senior Project Engineer / Consultant

Am Zuckerberg 54
D-71640 Ludwigsburg

Tel.: +49 7141 4094003
Mobil.: +49 151 20650311
Email: timo@teissler.de