LDAP Server Connections Closing Immediately

Danner, Mearl jmdanner at samford.edu
Wed Apr 13 21:50:59 CEST 2016


Jonathan,

> -----Original Message-----
> From: Freeradius-Users [mailto:freeradius-users-
> bounces+jmdanner=samford.edu at lists.freeradius.org] On Behalf Of
> Jonathan Gryak
> Sent: Wednesday, April 13, 2016 2:44 PM
> To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
> Subject: Re: LDAP Server Connections Closing Immediately
> 
> Alan,
> Thank you very much for taking the time to explain this.
> 
> Best,
> Jonathan
> 
> On Wed, Apr 13, 2016 at 3:33 PM, Alan DeKok <aland at deployingradius.com>
> wrote:
> 
> > On Apr 13, 2016, at 2:50 PM, Jonathan Gryak <jgryak at westport.k12.ct.us>
> > wrote:
> > > Sorry for not elaborating. I was primarily concerned with the debug
> > > message: rlm_ldap (ldap): 0 of 0 connections in use.  You  may need to
> > > increase "spare"
> >
> >   OK...
> >
> > > I suppose that I would expect the slot count in the pool to decrease or
> > > increase with each connection used, as when the server initially starts up
> > > the number of available slots decreases from 32 to 28.
> >
> >   As I explained.  When the LDAP module gets a redirect from Active
> > Directory, it connects to the other LDAP server.  It does this by

You can dispense with the redirects, if not serving multiple domains, by pointing LDAP to the global catalog ports of the domain controller.
ldap 3268
ldaps 3269

You'll have to get with your AD admins to ensure that the attributes you need are exposed to the Global Catalog.

> > re-connecting the existing LDAP connection, instead of creating a new one.
> >
> >   Since the existing connection is now pointing to a DIFFERENT ldap
> > server, it's not connected to the MAIN ldap server.
> >
> >   So the LDAP module closes the connection.
> >
> > > Regarding the "re-use LDAP connections", I thought the lifetime=0 setting
> > > would mean that an existing slot would be used, and that slot would be
> > > indicated in the debug output for each LDAP connection.
> >
> >   The meaning and function of "lifetime=0" is documented in the config
> > files.  Read them to see how it works.
> >
> > > I thought perhaps
> > > that the "1 of 32 pending slots used" message indicated that a new thread
> > > was being created each time, rather than reusing one from the pool.
> >
> >   If you read the debug output, you would see what I explained.  It grabs
> > a connection from the pool.  The connection is used to talk to AD.  AD
> > returns a redirect to another LDAP server.
> >
> >   Since the existing connection is now pointing to a DIFFERENT ldap
> > server, it's not connected to the MAIN ldap server.
> >
> >   So the LDAP module closes the connection.
> >
> >   Alan DeKok.
> >
> >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> >
> 
> 
> 
> --
> Jonathan Gryak
> Infrastructure Manager
> 
> Westport Public Schools
> Technology Center
> 136 Riverside Avenue
> Westport, CT 06880
> (203) 341-1211
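For readers who want to see what the global catalog change above looks like in practice, here is a configuration sketch for the FreeRADIUS 3.x rlm_ldap module (mods-available/ldap). It is added to this archive page and is not code from the thread or from the FreeRADIUS project; the host name, DNs, bind account and pool numbers are assumptions chosen for illustration, so check the option names against the config file shipped with your FreeRADIUS version.

```text
ldap {
    # Before (assumed starting point): the plain LDAP port on one domain
    # controller. Queries that cross a domain boundary come back as
    # referrals, which the module follows by re-binding the pooled
    # connection, so that connection is then closed, as described above.
    #server = 'dc1.example.com'      # placeholder host
    #port = 389

    # After: the Global Catalog port. The GC holds a partial replica of
    # every domain in the forest, so forest-wide lookups are answered
    # directly and no referral is issued. 3269 is the TLS-wrapped port;
    # use it with a tls { } block and a trusted CA in production.
    server = 'dc1.example.com'       # placeholder host
    port = 3268

    identity = 'cn=radius-svc,cn=Users,dc=example,dc=com'   # placeholder bind DN
    password = 'CHANGE-ME'                                  # placeholder secret
    base_dn = 'dc=example,dc=com'                           # placeholder base

    user {
        base_dn = "${..base_dn}"
        filter = "(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})"
    }

    # Pool sizing: 'spare' is the value the debug message in the thread
    # refers to; lifetime = 0 means a connection is never retired on age.
    pool {
        start = 5
        min = 4
        max = 32
        spare = 3
        uses = 0
        lifetime = 0
        idle_timeout = 60
    }
}
```

Only attributes that are part of the GC partial attribute set can be read through port 3268/3269, so any attribute the RADIUS policy maps (group membership, custom attributes) has to be checked against what the AD admins actually replicate to the catalog, as the message above notes.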
