Question about "nss_ldap: could not get LDAP result - Can't contact LDAP server" error

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Question about "nss_ldap: could not get LDAP result - Can't contact LDAP server" error

Luiz Alfredo Baggiotto
Hello

We have a OpenLDAP-2.2.23 + Samba 3.0.14a and the system is logging a lot (one to each minute, more or less) of errors like this:

server smbd[10799]: [ID 510469 daemon.error] nss_ldap: could not get LDAP result - Can't contact LDAP server

Well, I would like to ask to samba specialists if is possible that the problem is this slapd.conf option:

idletimeout     30

I´m using it because I was compiled LDAP with wrapper option and wrapper doens´t support more than 256 simultaneous connections. Then, I´m thinking if smbd process is trying to restablish a closed connection and because that generating the error. Is it possible?
Thank you very much.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
Reply | Threaded
Open this post in threaded view
|

Re: Question about "nss_ldap: could not get LDAP result - Can't contact LDAP server" error

tom burkart
On Apr 27, Luiz Alfredo Baggiotto wrote:

> We have a OpenLDAP-2.2.23 + Samba 3.0.14a and the system is logging a lot (one to each minute, more or less) of errors like this:
> server smbd[10799]: [ID 510469 daemon.error] nss_ldap: could not get LDAP result - Can't contact LDAP server
Are you using "start tls"?  If yes, are you using self-signed
certificates?

> I´m using it because I was compiled LDAP with wrapper option and wrapper doens´t support more than 256 simultaneous connections. Then, I´m thinking if smbd process is trying to restablish a closed connection and because that generating the error. Is it possible?
Possible.  But look at it from this angle:  Is there a need for you to
restrict this?  -  As in how many active ldap clients will there be at any
one time?  Of course there is the other issue of just turning it off to
test/verify the system and then seeing whether it is necessary and then
turning it back on.

tom.
Consultant

AUSSEC    Phone: 61 4 1768 2202
339 Blaxland Rd., Ryde NSW 2112
Email: [hidden email]
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba