LDAP Server Connections Closing Immediately

Jonathan Gryak jgryak at westport.k12.ct.us
Wed Apr 13 21:43:38 CEST 2016 

Alan,
Thank you very much for taking the time to explain this.

Best,
Jonathan

On Wed, Apr 13, 2016 at 3:33 PM, Alan DeKok <aland at deployingradius.com>
wrote:

> On Apr 13, 2016, at 2:50 PM, Jonathan Gryak <jgryak at westport.k12.ct.us>
> wrote:
> > Sorry for not elaborating. I was primarily concerned with the debug
> > message: rlm_ldap (ldap): 0 of 0 connections in use.  You  may need to
> > increase "spare"
>
>   OK...
>
> > I suppose that I would expect the slot count in the pool to decrease or
> > increase with each connection used, as when the server initially starts
> up
> > the number of available slots decreases from 32 to 28.
>
>   As I explained.  When the LDAP module gets a redirect from Active
> Directory, it connects to the other LDAP server.  It does this by
> re-connecting the existing LDAP connection, instead of creating a new one.
>
>   Since the existing connection is now pointing to a DIFFERENT ldap
> server, it's not connected to the MAIN ldap server.
>
>   So the LDAP module closes the connection.
>
> > Regarding the "re-use LDAP connections", I thought the lifetime=0 setting
> > would mean that an existing slot would used, and that slot would be
> > indicated in the debug output for each LDAP connection.
>
>   The meaning and function of "lifetime=0" is documented in the config
> files.  Read them to see how it works.
>
> > I though perhaps
> > that the "1 of 32 pending slots used" message indicated that a new thread
> > was being created each time, rather than reusing one from the pool.
>
>   If you read the debug output, you would see what I explained.  It grabs
> a connection from the pool.  The connection is used to talk to AD.  AD
> returns a redirect to another LDAP server.
>
>   Since the existing connection is now pointing to a DIFFERENT ldap
> server, it's not connected to the MAIN ldap server.
>
>   So the LDAP module closes the connection.
>
>   Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>



-- 
Jonathan Gryak
Infrastructure Manager

Westport Public Schools
Technology Center
136 Riverside Avenue
Westport, CT 06880
(203) 341-1211

More information about the Freeradius-Users mailing list