Forums

Resolved
0 votes
Version 6.3 Over 16,800 messages similar to this "nslcd[17728]: [138641] ldap_result() failed: Can't contact LDAP server"
(Yes I am on a campaign to get rid of unnecessary messages and clean up my logs so real problems are much more apparent).

Visiting the nss-pam-ldapd-users (http://lists.arthurdejong.org/nss-pam-ldapd-users/) mailing list (nss-pam-ldapd is the full name for nslcd) I found references to Arthur de Jong ( see http://arthurdejong.org/nss-pam-ldapd/ for his involvement ) recommending in some cases reducing the idle_timelimit in /etc/nslcd.conf.

The default is 3600 (seconds - so that is one hour)

I reduced it initially to 120 (2 minutes) - no error messages. Working up they appeared at 300(5 mintes) 240 was fine, so this is currently an extract of my /etc/nslcd.conf


..
# Idle timelimit. nslcd will close connections if the
# server has not been contacted for the number of seconds.
#idle_timelimit 3600
idle_timelimit 240
...

I have not run nslcd in debug mode to see if I have created more overhead than the reduction by removing the constant loggig. As the server here is not that busy, it's is not a consideration, but might be for others.
Thursday, August 23 2012, 03:37 AM
Share this post:
Responses (10)
  • Accepted Answer

    Thursday, November 01 2012, 09:15 PM - #Permalink
    Resolved
    0 votes
    OK. Thanks for the news.

    Rather than bork the update by setting the immutable bit I've made a mini-script to update the nslcd.conf file which I've put in cron.daily:
    if [ ! "$(grep ^idle_timelimit /etc/nslcd.conf)" ]; then
    echo -e "\n# Temporary bugfix until ClearOS 6.4\nidle_timelimit 240" >> /etc/nslcd.conf
    service nslcd restart
    fi
    Then if your fix sets the idle_timelimit it will go through cleanly and if it does something else at least I'll get a mail from the cron daemon saying it has restarted nslcd.

    p.s. I hate the way the board loses tab indentation in code tags :(
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, November 01 2012, 04:38 PM - #Permalink
    Resolved
    0 votes
    Hi Nick,

    The bug fix is scheduled for ClearOS 6.4.0 which should be out around January 1 (it depends on upstream).
    The reply is currently minimized Show
  • Accepted Answer

    Wednesday, October 31 2012, 08:47 PM - #Permalink
    Resolved
    0 votes
    My file changed on reboot. Changing it back now and setting the immutable bit this time ......

    Thanks for the solution, Tony. Now, where's the bug fix?
    The reply is currently minimized Show
  • Accepted Answer

    nello
    nello
    Offline
    Saturday, September 01 2012, 06:47 AM - #Permalink
    Resolved
    0 votes
    Great! Thanks to you both :)
    The reply is currently minimized Show
  • Accepted Answer

    Saturday, September 01 2012, 03:34 AM - #Permalink
    Resolved
    0 votes
    If you ever want to make a file immutable so that Webconfig cannot change it no matter what, you can use the following:

    chattr +i /path/to/file


    then to change it back

    chattr -i /path/to/file
    The reply is currently minimized Show
  • Accepted Answer

    Friday, August 31 2012, 11:55 PM - #Permalink
    Resolved
    0 votes
    I have had no need to do anything - mine is still 240 and has not been over-written since the initial change...

    Did you simply change the 3600 to 240, or comment out that line and add another with 240?
    An extract from mine looks like this... (I always make changes like this so I know what the original line was...)

    ...
    # Idle timelimit. nslcd will close connections if the
    # server has not been contacted for the number of seconds.
    #idle_timelimit 3600
    idle_timelimit 240
    ...

    I'm just thinking that maybe if you only changed the 3600 to 240, whatever is scanning the file doesn't find "idle_timelimit 3600" and changes it - whereas in my file it is happy as it is still there and on the same line, albeit disabled...
    idle_speculation on my part...
    The timestamp on my file has changed - so it's obviously been 'touched' - but my 240 is intact...

    [root@alice etc]# ls -lad /etc/nslcd.conf
    -rw------- 1 root root 4611 Aug 29 10:09 /etc/nslcd.conf
    [root@alice etc]#

    Let us know how you made the change...
    The reply is currently minimized Show
  • Accepted Answer

    nello
    nello
    Offline
    Friday, August 31 2012, 07:57 PM - #Permalink
    Resolved
    0 votes
    Tony, did you find a way to keep the "idle_timelimit 240" to remain into the config file?
    I keep getting the file regenerated by the WebConfig and the configuretion revert back to 3600.
    The reply is currently minimized Show
  • Accepted Answer

    nello
    nello
    Offline
    Tuesday, August 28 2012, 02:36 PM - #Permalink
    Resolved
    0 votes
    I tried it and it worked also for me, at least for a while...
    From time to time the nslcd.conf file is regenerated and the item "idle_timelimit 240" removed from the configuration file.
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, August 23 2012, 10:07 PM - #Permalink
    Resolved
    0 votes
    Thanks Tony! That has been bugging me too. I just added the topic to the bug tracker.
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, August 23 2012, 08:41 PM - #Permalink
    Resolved
    0 votes
    Thanks Tony! I get these too...
    The reply is currently minimized Show
Your Reply