LDAP Server Connections Closing Immediately

Jonathan Gryak jgryak at westport.k12.ct.us
Wed Apr 13 20:24:38 CEST 2016


Hello Alan,
Thank you for the response.  I may have truncated the debug output too
soon. After the 4 connections are used, the following output appears for
each LDAP connection in the same request (notice that the number of slots
reverts back to 32):

> (7)...
> rlm_ldap (ldap): Reserved connection (5)
> (7)...
> rlm_ldap (ldap): Deleting connection (5)
> (7)...
> rlm_ldap (ldap): 0 of 0 connections in use.  You  may need to increase
> "spare"
> rlm_ldap (ldap): Opening additional connection (6), 1 of 32 pending slots
> used
> rlm_ldap (ldap): Connecting to ldap://tso-auth00.westport.k12.ct.us:389
> rlm_ldap (ldap): Waiting for bind result...
> rlm_ldap (ldap): Bind successful
> rlm_ldap (ldap): Reserved connection (6)
> ((7)...
> rlm_ldap (ldap): Deleting connection (6)
> (7)...
> rlm_ldap (ldap): 0 of 0 connections in use.  You  may need to increase
> "spare"
> rlm_ldap (ldap): Opening additional connection (7), 1 of 32 pending slots
> used
> rlm_ldap (ldap): Connecting to ldap://<server>:389
> rlm_ldap (ldap): Waiting for bind result...
> rlm_ldap (ldap): Bind successful
> rlm_ldap (ldap): Reserved connection (7)
> (7)...
> rlm_ldap (ldap): Deleting connection (7)
> (7)...
> rlm_ldap (ldap): 0 of 0 connections in use.  You  may need to increase
> "spare"
> rlm_ldap (ldap): Opening additional connection (8), 1 of 32 pending slots
> used
> rlm_ldap (ldap): Connecting to ldap://<server>:389
> rlm_ldap (ldap): Waiting for bind result...
> rlm_ldap (ldap): Bind successful
> rlm_ldap (ldap): Reserved connection (8)
> (7)...
> rlm_ldap (ldap): Deleting connection (8)
> (7)...
> rlm_ldap (ldap): 0 of 0 connections in use.  You  may need to increase
> "spare"


On Wed, Apr 13, 2016 at 11:32 AM, Alan DeKok <aland at deployingradius.com>
wrote:

> On Apr 13, 2016, at 11:23 AM, Jonathan Gryak <jgryak at westport.k12.ct.us>
> wrote:
> >
> > It appears that the LDAP pool configuration isn't reusing the LDAP
> > connections as configured.
>
>   What does that mean?  There is no configuration which says "re-use LDAP
> connections".  It just uses connections from a pool.
>
> > Below is the debug output of the pool initialization:
>
>   Which shows it making connections...
>
> >
> > Debug Output:
> > rlm_ldap (ldap): Waiting for bind result...
> > rlm_ldap (ldap): Rebinding to URL
> > ldap://ForestDnsZones.<domain>/DC=ForestDnsZones,DC=DC=<domain>
>
>   And... you're running Active Directory.
>
>   When the LDAP module gets a redirect from Active Directory, it connects
> to the other LDAP server.  It does this by re-connecting the existing LDAP
> connection, instead of creating a new one.
>
>   The server is working as designed.
>
>   Alan DeKok.




-- 
Jonathan Gryak
Infrastructure Manager

Westport Public Schools
Technology Center
136 Riverside Avenue
Westport, CT 06880
(203) 341-1211
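
Added example, not part of the original message or of FreeRADIUS: a small Python script that tallies rlm_ldap connection lifecycles from debug output like that quoted above and lists the connections deleted after a single reservation. The sample log is constructed in the same format; the function name `pool_churn` and the host `ldap.example.org` are assumptions.

```python
import re

# Constructed sample in the format of the debug output quoted in this thread
# (mail quote markers and wrapped lines kept; the host name is a placeholder).
SAMPLE_LOG = """\
> rlm_ldap (ldap): Reserved connection (5)
> (7)...
> rlm_ldap (ldap): Deleting connection (5)
> rlm_ldap (ldap): 0 of 0 connections in use.  You  may need to increase
> "spare"
> rlm_ldap (ldap): Opening additional connection (6), 1 of 32 pending slots
> used
> rlm_ldap (ldap): Connecting to ldap://ldap.example.org:389
> rlm_ldap (ldap): Bind successful
> rlm_ldap (ldap): Reserved connection (6)
> rlm_ldap (ldap): Deleting connection (6)
> rlm_ldap (ldap): 0 of 0 connections in use.  You  may need to increase
> "spare"
> rlm_ldap (ldap): Opening additional connection (7), 1 of 32 pending slots
> used
> rlm_ldap (ldap): Reserved connection (7)
"""

EVENT = re.compile(r"rlm_ldap \([^)]+\): "
                   r"(Opening additional|Reserved|Deleting) connection \((\d+)\)")
POOL_EMPTY = re.compile(r"rlm_ldap \([^)]+\): 0 of 0 connections in use")

def pool_churn(log_text):
    """Summarise connection lifecycles seen in rlm_ldap debug output."""
    conns, empty = {}, 0
    for line in log_text.splitlines():   # search() tolerates "> " quoting
        if POOL_EMPTY.search(line):
            empty += 1
            continue
        m = EVENT.search(line)
        if not m:
            continue                     # request lines, wrapped text, etc.
        verb, cid = m.group(1), int(m.group(2))
        # A connection may first appear as "Reserved" if the log was truncated.
        c = conns.setdefault(cid, {"opened": False, "reserved": 0, "deleted": False})
        if verb == "Opening additional":
            c["opened"] = True
        elif verb == "Reserved":
            c["reserved"] += 1
        else:
            c["deleted"] = True
    # Deleted after at most one reservation: the churn pattern shown above.
    single_use = [i for i, c in conns.items() if c["deleted"] and c["reserved"] <= 1]
    return {"connections": conns, "single_use": single_use, "pool_empty": empty}
```
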
