(RADIATOR) LDAP not timing out?

Mike McCauley mikem at open.com.au
Tue Jan 11 17:40:50 CST 2005


Hello Dave,


On Wednesday 12 January 2005 01:42, Dave Kitabjian wrote:
> Thanks, Mike, for the pointer.
>
> Yes, you're right. I didn't see it because it was nearly 10 minutes
> earlier in the (rather busy) log:
>
> Where Radiator got it's first LDAP error:
>
> Sat Jan  8 18:54:42 2005: DEBUG: Handling with Radius::AuthLDAP2:
> LDAP_AUTH
> Sat Jan  8 18:54:42 2005: INFO: Connecting to localhost, port 389
> Sat Jan  8 18:54:42 2005: INFO: Attempting to bind with dc=..., (server
> localhost:389)
> Sat Jan  8 18:54:42 2005: ERR: ldap search failed with error
> LDAP_OPERATIONS_ERROR.
> Sat Jan  8 18:54:42 2005: ERR: Disconnecting from LDAP server (server
> localhost:389).
>
> The next Access-Request:
>
> Sat Jan  8 18:54:43 2005: DEBUG: Handling with Radius::AuthLDAP2:
> LDAP_AUTH
> Sat Jan  8 18:54:43 2005: INFO: Connecting to localhost, port 389
> Sat Jan  8 18:54:43 2005: ERR: Could not open LDAP connection to
> localhost, port 389. Backing off for 600 seconds.
>
> And then the next request:
>
> Sat Jan  8 18:54:44 2005: DEBUG: Handling with Radius::AuthLDAP2:
> LDAP_AUTH
> (ignored)
>
> Then, 10 minutes (600 seconds) later:
>
> Sat Jan  8 19:04:43 2005: DEBUG: Handling with Radius::AuthLDAP2:
> LDAP_AUTH
> Sat Jan  8 19:04:43 2005: INFO: Connecting to localhost, port 389
> Sat Jan  8 19:04:43 2005: ERR: Could not open LDAP connection to
> localhost, port 389. Backing off for 600 seconds.
>
> Incidentally, here's the OpenLDAP clip that shows why it wasn't
> responding:
>
> OPEN LDAP LOG
> --------------
> Jan  8 18:54:42 lb2 slapd[228]: conn=9408993 fd=12 connection from
> localhost  (127.0.0.1) accepted.
> Jan  8 18:54:42 lb2 slapd[228]: conn=9408993 op=0 BIND dn="DC=..."
> method=128
> Jan  8 18:54:42 lb2 slapd[228]: conn=9408993 op=0 RESULT err=0 tag=97
> nentries=0
> Jan  8 18:54:42 lb2 slapd[228]: conn=9408993 op=1 SRCH base="DC=..."
> scope=1 filter="(uid=MXX)"
> Jan  8 18:54:42 lb2 slapd[228]: strdup(cn=mxx...) failed
> Jan  8 21:03:55 lb2 slapd[67790]: slapd starting
>
> I don't know what caused strdup() to fail in OpenLDAP, but it did.

Mostly likely the LDAP server process failed to allocate memory. Memory leak 
in OpenLDAP?

>
> Anyway, I guess Radiator behaved as it should by ignoring the requests.
> However, I would suggest that it might be useful (appropriate?) for
> Radiator trace 4 to indicate that it is ignoring a request. Thoughts?
>
> Thanks for the help!
>
> Dave
>
> > -----Original Message-----
> > From: Mike McCauley [mailto:mikem at open.com.au]
> > Sent: Monday, January 10, 2005 6:45 PM
> > To: Dave Kitabjian
> > Cc: radiator at open.com.au
> > Subject: Re: (RADIATOR) LDAP not timing out?
> >
> > Hello Dave,
> >
> > Does you log contain any lines like:
> > "Could not open LDAP connection to ...."
> >
> > or
> > "Could not bind connection with ....."
> >
> > Cheers.
> >
> > On Tuesday 11 January 2005 08:58, Dave Kitabjian wrote:
> > > Hi, folks.
> > >
> > > Authentication failed this weekend.
> > >
> > > Looking at the logs, the Access-Requests were all getting to this
>
> point:
> > > Sun Jan  9 08:46:32 2005: DEBUG: Handling with Radius::AuthLDAP2:
> > > LDAP_AUTH
> > >
> > > and that's it. Normally they continue with a line like:
> > >
> > > Sun Jan  9 08:46:32 2005: INFO: Connecting to localhost, port 389
> > >
> > > and so on. I thought that I'd at least see timeouts of some sort
>
> later
>
> > > in the logfile, but there are none at all. It's as though the
>
> request
>
> > > just blackholed, and Radiator forgot about it.
> > >
> > > The Unix admin states that slapd (OpenLDAP) was not running. That
> > > explains why LDAP wasn't working. But I don't understand by Radiator
> > > didn't timeout?
> > >
> > > I'm not sure how it could be related, but the problem was
>
> exasperated by
>
> > > the fact that the NASes didn't fail over to the backup Radiator box.
> > >
> > > Any ideas are welcome!
> > >
> > > Dave
> >
> > --
> > Mike McCauley                               mikem at open.com.au
> > Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++,
>
> WWW
>
> > 9 Bulbul Place Currumbin Waters QLD 4223 Australia
> > http://www.open.com.au
> > Phone +61 7 5598-7474                       Fax   +61 7 5598-7070
> >
> > Radiator: the most portable, flexible and configurable RADIUS server
> > anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> > Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP,
>
> TLS,
>
> > TTLS, PEAP etc on Unix, Windows, MacOS etc.

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS etc.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list