Summary: slow ldap cause problems to samba, emails etc.

Moved here, due to that, the topic is different.

Problem was (amazingly) fixed by connecting the computer to the Internet.
As it was the LDAP service that misbehaved I would very much like to see how she (the service) is connecting to the Internet.

Here is the thread that I made while having this problem.
Thread

Is it at all possible that something is connecting "home" to Clear foundation?

I have bean happily ignoring this problem since my last post, out of sight, out of mind.
And now that has predictably bit me very hard on the ass!

Server now takes about one hour to boot, is slow and mostly unusable.
If clearos support was not so very expensive I would buy some help from them.

Does anyone have any ideas???

I get them too. And I do have auth problems (delays, retries, etc) that I never been able to solve.

If the errors only occur at boot time it can be ignored.

If you find a cause please let me know.

Sorry I couldn't be more help.

Kevin

I have noticed I get these errors in my log. Should I be worried or just ignore them

Dec 7 15:10:01 fs1 saslauthd[4222]: Retrying authentication
Dec 7 15:15:02 fs1 saslauthd[4219]: Retrying authentication
Dec 7 15:20:01 fs1 saslauthd[4223]: Retrying authentication
Dec 7 15:22:00 fs1 saslauthd[4224]: Retrying authentication
Dec 7 15:22:00 fs1 saslauthd[4219]: Retrying authentication
Dec 7 15:25:02 fs1 saslauthd[4223]: Retrying authentication
Dec 7 15:30:01 fs1 saslauthd[4222]: Retrying authentication
Dec 7 15:35:02 fs1 saslauthd[4220]: Retrying authentication
Dec 7 15:40:02 fs1 saslauthd[4222]: Retrying authentication
Dec 7 15:45:02 fs1 saslauthd[4219]: Retrying authentication
Dec 7 15:50:02 fs1 saslauthd[4220]: Retrying authentication
Dec 7 15:55:02 fs1 saslauthd[4224]: Retrying authentication
Dec 7 16:00:02 fs1 saslauthd[4219]: Retrying authentication
Dec 7 16:05:01 fs1 saslauthd[4220]: Retrying authentication

Same situation here
Paul

Hello everyone,

After digesting this thread I think there are two issues going on here.

1.) The LDAP error occuring at boot up because the LDAP server is not running yet.
2.) nss_ldap and saslauthd error during normal operations (after boot up is complete).

I have two server running in a production environment and both are havving these issues. I am not so concerned about the boot up one but the other one is a problem.

Every ten minutes or so I get the error string:

Sep 8 18:30:01 server saslauthd[5592]: Retrying authentication
Sep 8 18:33:34 server smbd[20367]: nss_ldap: could not search LDAP server - Server is unavailable
Sep 8 18:33:40 server smbd[11403]: nss_ldap: could not search LDAP server - Server is unavailable
Sep 8 18:35:01 server saslauthd[5595]: Retrying authentication
Sep 8 18:38:10 server saslauthd[5594]: Retrying authentication
Sep 8 18:38:20 server saslauthd[5592]: Retrying authentication


I would realy like to get this resolved.

Does anyone have any ideas?

Thank you in advance for your help.

KEvin

It would appear from the following BugId 733 that the issue is still outstanding and the last update was 2009-02-22

I'm seeing this issue and wondered if anyone had found a solution. Thanks Chris

So any News on any kind of workaround for this issue?

nuke, john, teitur,

Not entirely a solution but this tip may be helpful in debugging -

Not sure if you made this change to your /etc/init.d/sshd

# chkconfig: 2345 26 74

instead of

# chkconfig: 2345 55 25

and re-chkconfig'ed the sshd service.

This helped me investigate things better by allowing me to ssh into the system and watch the logs while ldapsync i.e. the kolab service is started just after ldap. This service used to take a lot of time for me to start and during this time we had no choice but to merely wait until I made the above change.

I am also seeing a lot of these messages in my messages logs.

Any News on this?

Well that didn't fix anything.

It would appear from the following linkClarkconnect Bug ID 733 that the issue is still outstanding.

I'll continue to do some searching.

Hi John.

The change is made in the ldap config file. slapd is the daemon that is run. The idea of the change is to allow ldap to restart earlier so it is found by the other processes.

You may wish to also look at saslauthd: Retrying authentication

I added the "/" to the end of the line mentioned in both the template (located at /etc/openldap/templates/saslauthd.conf.template) and the /etc/saslauthd.conf files. Then did a service ldap restart.

Now I will see if the error disappears and report back.

I finally got around to looking at the stuff Nuke posted and while it doesn't seem to apply to ClearOS directly I gave it a shot just to see. First on my box there is no /etc/rc.d/init.d/slapd but rather /etc/rc.d/init.d/ldap so tried making the changes to that file. I'm not an expert on this start up stuff but it seems as if the line we are to change is actually a comment so I'm not sure how changing that line makes a difference.

After the change I went through the other steps listed to get the timing all registered. BTW, when comments 67 & 68 were mentioned above I assume we were referring to the Red Hat Bugzilla – Bug 186527 page - hope that's right.

The change didn't seem to fix much but did generate more errors:

... dbus-daemon: nss_ldap: could not search LDAP server - Server is unavailable

... dbus-daemon: nss_ldap: failed to bind to LDAP server ldap://localhost: Can't contact LDAP server

So, I switched things back.

I originally started looking into this since browsing the network can be rather slow. Users complained that they couldn't always see the server so I thought there may be some connection between that and the errors I was seeing.

Teitur, unfortunately I don't think my experiment has helped you out much. I'm a little bit over my experience level here so if anyone has some thoughts I'd love to hear them.

John

I haven't tried anything as yet but how did we get from ldap to ntp? Maybe I missed something. Hopefully I can spend a little time on this next week and go over the links Nuke posted.

Im to much of a chicken to try Nuke's fix. And im not sure that will fix these errors except the boot time errors...?

Anyway, these specific errors seem to be fixed, by adding

server 0.europe.pool.ntp.org

server 1.europe.pool.ntp.org

server 2.europe.pool.ntp.org

server 3.europe.pool.ntp.org

to ntp.conf in /etc
Can you please try this (and restart the ntp service) with your server John, I would love to know if this was simply the case.

But now im getting this error every 5 minutes.

May 20 03:15:03 mydomain saslauthd[3715]: Retrying authentication

May 20 03:20:02 mydomain saslauthd[3718]: Retrying authentication

May 20 03:25:02 mydomain saslauthd[3713]: Retrying authentication

May 20 03:30:03 mydomain saslauthd[3719]: Retrying authentication

May 20 03:35:02 mydomain saslauthd[3715]: Retrying authentication

May 20 03:40:02 mydomain saslauthd[3717]: Retrying authentication

Not to hijack the thread but I'm seeing a similar problem and running

getent passwd

does show a list of non-system accounts. I'll be following along to see how this plays out for Teitur.

Have you checked to see if the LDAP server is dying, or perhaps can not be reached because it is too busy searching or tryiing to answer earlier queued requests?

Find out if LDAP is running by executing:

service ldap status

If LDAP is running, verify that nss_ldap can communicate with it by executing:

getent passwd

If this returns the list of users that are in LDAP (non system accounts), the problem is most likely a problem with LDAP being overloaded, or has some other operational problem.

The above is a start to help you to diagnose where the problem may be. It is entirely likely that the solution will be simple once we can identify the cause.

Cheers,
John T.

Teitur, please check a few things. I got confused when reading the recommended solution and maybe you did the same thing that I did. By mistake I put those lines into the slapd file.

I think this is OK to do on ClearOS because it is a CentOS/RedHat derivative. Also, I found the same issue on each website that reports bugs. You can see it by doing a Google search on: "dbus-daemon: nss_ldap: failed to bind to LDAP server ldap://localhost: Can't contact LDAP server"

I think that we are supposed to do:
1) The first part of that solution is to make a change in line that shows chkconfig: in the /etc/rc.d/init.d/slapd.

Then you have to save that file. If you don't do the next two lines, you won't change the boot order of ldap so the fix won't work.

2) Finally as root type the other two lines on the command line. The "chkconfig --del slapd" removes all the slapd from all the rc.d/init.d/ directories. ie. removes the slapd from the various runtime startups.

From the man page:

chkconfig --del name

              The service is removed from chkconfig management, and any symbolic links in /etc/rc[0-6].d which pertain

              to it are removed.

The final line "chkconfig slapd on" puts the slapd back into the rc.d/init.d/ directories in the new start-up order. I think one could also type "chkconfig --level 345 slapd on". From what I read in the man this might be better. Anyone of the gurus please comment if this is correct.

3) Finally check that it is in the right runtimes by running:

chkconfig --list ldap

The clean install has

ldap           	0ff	1ff	2ff	3n	4n	5n	6ff

I hope this helps.

Now the logs are clean when the server is running.
But this error still comes during boot.

So I guess I have to implement "nukes" soulution.

Change the chkconfig line in /etc/rc.d/init.d/slapd to read:

# chkconfig: - 12 73

Then do:

# chkconfig --del slapd
# chkconfig slapd on

This ensures slapd starts after networking and before anything that hangs
without it.

Is this command OK for ClearOS?

May 14 19:38:22 mydomain smbd[28366]: nss_ldap: could not search LDAP server - Server is unavailable... 

May 14 20:33:34 mydomain smbd[28366]: nss_ldap: could not search LDAP server - Server is unavailable... 

May 15 02:12:14 mydomain dbus-daemon: nss_ldap: failed to bind to LDAP server ldap://localhost: Can't contact LDAP s... 

May 15 02:12:14 mydomain dbus-daemon: nss_ldap: could not search LDAP server - Server is unavailable... 

May 15 02:12:14 mydomain dbus-daemon: nss_ldap: failed to bind to LDAP server ldap://localhost: Can't contact LDAP s... 

May 15 02:12:14 mydomain dbus-daemon: nss_ldap: could not search LDAP server - Server is unavailable... 

May 15 02:12:14 mydomain dbus-daemon: nss_ldap: failed to bind to LDAP server ldap://localhost: Can't contact LDAP s... 

May 15 02:12:14 mydomain dbus-daemon: nss_ldap: could not search LDAP server - Server is unavailable... 

May 15 02:12:14 mydomain dbus-daemon: nss_ldap: failed to bind to LDAP server ldap://localhost: Can't contact LDAP s... 

May 15 02:12:14 mydomain dbus-daemon: nss_ldap: could not search LDAP server - Server is unavailable... 

May 15 02:12:14 mydomain dbus-daemon: nss_ldap: failed to bind to LDAP server ldap://localhost: Can't contact LDAP s... 

May 15 02:12:14 mydomain dbus-daemon: nss_ldap: could not search LDAP server - Server is unavailable... 

May 15 02:12:14 mydomain dbus-daemon: nss_ldap: failed to bind to LDAP server ldap://localhost: Can't contact LDAP s... 

May 15 02:12:14 mydomain dbus-daemon: nss_ldap: could not search LDAP server - Server is unavailable... 

May 15 02:12:14 mydomain dbus-daemon: nss_ldap: failed to bind to LDAP server ldap://localhost: Can't contact LDAP s... 

May 15 02:12:14 mydomain dbus-daemon: nss_ldap: could not search LDAP server - Server is unavailable... 

May 15 02:12:14 mydomain dbus-daemon: nss_ldap: failed to bind to LDAP server ldap://localhost: Can't contact LDAP s... 

May 15 02:12:14 mydomain dbus-daemon: nss_ldap: could not search LDAP server - Server is unavailable... 

May 15 02:12:14 mydomain hald[2237]: nss_ldap: failed to bind to LDAP server ldap://localhost: Can't contact LDAP se... 

May 15 02:12:14 mydomain hald[2237]: nss_ldap: could not search LDAP server - Server is unavailable... 

May 15 02:12:14 mydomain hald[2237]: nss_ldap: failed to bind to LDAP server ldap://localhost: Can't contact LDAP se... 

May 15 02:12:14 mydomain hald[2237]: nss_ldap: could not search LDAP server - Server is unavailable... 

May 15 02:12:16 mydomain dbus-daemon: nss_ldap: failed to bind to LDAP server ldap://localhost: Can't contact LDAP s... 

May 15 02:12:16 mydomain dbus-daemon: nss_ldap: could not search LDAP server - Server is unavailable... 

May 15 02:12:16 mydomain dbus-daemon: nss_ldap: failed to bind to LDAP server ldap://localhost: Can't contact LDAP s... 

May 15 02:12:16 mydomain dbus-daemon: nss_ldap: could not search LDAP server - Server is unavailable... 

May 15 02:12:16 mydomain dbus-daemon: nss_ldap: failed to bind to LDAP server ldap://localhost: Can't contact LDAP s... 

May 15 02:12:16 mydomain dbus-daemon: nss_ldap: could not search LDAP server - Server is unavailable... 

May 15 02:12:16 mydomain dbus-daemon: nss_ldap: failed to bind to LDAP server ldap://localhost: Can't contact LDAP s... 

May 15 02:12:16 mydomain dbus-daemon: nss_ldap: could not search LDAP server - Server is unavailable... 

May 15 02:12:16 mydomain dbus-daemon: nss_ldap: failed to bind to LDAP server ldap://localhost: Can't contact LDAP s... 

May 15 02:12:16 mydomain dbus-daemon: nss_ldap: could not search LDAP server - Server is unavailable... 

May 15 02:12:16 mydomain dbus-daemon: nss_ldap: failed to bind to LDAP server ldap://localhost: Can't contact LDAP s... 

May 15 02:12:16 mydomain dbus-daemon: nss_ldap: could not search LDAP server - Server is unavailable... 

May 15 02:12:16 mydomain dbus-daemon: nss_ldap: failed to bind to LDAP server ldap://localhost: Can't contact LDAP s... 

May 15 02:12:16 mydomain dbus-daemon: nss_ldap: could not search LDAP server - Server is unavailable... 

May 15 02:12:16 mydomain dbus-daemon: nss_ldap: failed to bind to LDAP server ldap://localhost: Can't contact LDAP s... 

May 15 02:12:16 mydomain dbus-daemon: nss_ldap: could not search LDAP server - Server is unavailable...

Nope, this is happening every so often. No directly related to restarts.

[root@mydomain log]# ldapsync

running full LDAP synchronization

restarting LDAP server

Stopping slapd: [  OK  ]

Starting slapd: [  OK  ]

restarting authentication server

Stopping saslauthd: [  OK  ]

Starting saslauthd: [  OK  ]

synchronizing configuration

synchronizing daemons with domain mydomain.lan

synchronizing Samba file and print services

Shutting down SMB services: [  OK  ]

Starting SMB services: [  OK  ]

synchronizing Samba netbios services

Shutting down NMB services: [  OK  ]

Starting NMB services: [  OK  ]

synchronizing POP/IMAP mail

Shutting down cyrus-imapd: [  OK  ]

Exporting cyrus-imapd databases: [  OK  ]

Importing cyrus-imapd databases: [  OK  ]

Starting cyrus-imapd: [  OK  ]

synchronizing SMTP mail

Reloading postfix: [  OK  ]

synchronizing webmail

synchronizing web proxy

synchronizing FTP

Reloading proftpd: [  OK  ]

synchronizing antivirus

[root@mydomain log]# service ldap restart

Stopping slapd:                                            [  OK  ]

Starting slapd:                                            [  OK  ]

Seems to work.
But Ill keep an eye on the logs.
Thank you.

I guess my assumption was that you were restarting your server.

If not then the following seems to work for me.

[root@server ~]]# ldapsync

[root@server ~]]# service ldap restart

I came across this error today while trying to get netatalk running.

I get the same error.

It appears that this is a know issue in the Redhat/CentOS community. Please see bugs:
Fedora closed even though still open at Redhat
Bug 502072
Bug 182464 and Bug 186527

It looks like the easiest fix to this is to start ldap earlier in the startup.

In particular look at comment 67 and 68.

I'm a bit too much of a newbie to know what this is all about but I think I will manually change the /etc/rc.d/init.d/ldap file to show the change in Comment 68. What I don't know is how to get this change to propagate into the various runlevels (if that is what it is supposed to do) and how to make sure that this change gets reflected with any updates coming down the pipe via the normal ClearOS updates.

Thanks in advance for any help and suggestions.

Thank you for your help.

It seems fine.

[root@mydomain log]# service ldap restart

Stopping slapd:                                            [  OK  ]

Starting slapd:                                            [  OK  ]

Adding monitoring in crontab checking if services are running fine are imperative to my opinion.

It means your LDAP database isn't running, and probably as a result of frequent lock ups as posted in your other thread

Does the following work? if not, does it provide any errors

service ldap restart