Bug 662075
| Summary: | Periodic burst of LDAP "Invalid credentials" | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 5 | Reporter: | Chris Adams <linux> |
| Component: | nss_ldap | Assignee: | Nalin Dahyabhai <nalin> |
| Status: | CLOSED WONTFIX | QA Contact: | BaseOS QE Security Team <qe-baseos-security> |
| Severity: | medium | Docs Contact: | |
| Priority: | low | | |
| Version: | 5.5 | CC: | dpal, jplans |
| Target Milestone: | rc | Keywords: | Reopened |
| Target Release: | --- | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2011-05-03 18:07:37 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
Description
Chris Adams
2010-12-10 15:18:57 UTC
One other thing: I said multiple programs log this, but only one logs it at a time. For example, I got a burst of errors from dovecot-auth yesterday at 16:15, 17:31, and 23:41-23:42. I got errors from restorecond at 22:15-22:18. Is it possible that nss_ldap has some internal resource leak (but eventually resets itself)?

It seems that you have an intermittent failure with your LDAP connection. We suggest that you consider taking a look at SSSD.

Based on the information in the ticket it is hard to try to identify what is going wrong. It might be caused by intermittent network outages or issues in the underlying LDAP library. Since it is not possible to reproduce we will not address this issue. Please let us know and reopen if you have additional information that would allow us to reproduce. However, SSSD is really a much better solution for the cases when the intermittent network failures are frequent, please consider.

Development Management has reviewed and declined this request. You may appeal this decision by reopening this request.

The problem is certainly not a network outage, since the primary OpenLDAP server is on the same host and is accessed via the Unix domain socket (ldapi:///). There is no indication of any network outage (the secondary server is connected to the same switch, both are on the same subnet/VLAN, and there are no errors on any of the interfaces). SSSD is not a solution, given the performance problems I saw when trying it on RHEL 6 (BZ 664071, "hopefully" fixed in a new version). SSSD is also lacking tools to manage the cache (such as invalidating an entry, like "nscd -i passwd <deleted-user>"). Also, if the problem is in the underlying LDAP library, switching to SSSD wouldn't help (since it still uses the same OpenLDAP client library).

Please open the bug with the ldap library. It does not seem to be the case with nss_ldap.