
Hello fine people!

As a novice in the Linux world, I have managed to learn enough to put into production a ClearOS 5.2 server running the CentOS Linux Distro. This box serves as my Primary Domain Controller, LDAP Server, and OpenVPN server as well as all the related services (file sharing, etc). All works well, except that lately I've noticed the following:

I'm seeing the following two lines a lot during server reboot:

Sep 30 02:02:23 server1 dbus-daemon: nss_ldap: failed to bind to LDAP server ldap://localhost: Can't contact LDAP server
Sep 30 02:02:23 server1 dbus-daemon: nss_ldap: could not search LDAP server - Server is unavailable

Using htop, I'm seeing several slapd instances running simultaneously (see attached image):


I'm also seeing the following two lines a lot in /var/log/messages:

Sep 30 02:02:32 server1 dbus-daemon: nss_ldap: failed to bind to LDAP server ldap://localhost: Can't contact LDAP server
Sep 30 02:02:32 server1 dbus-daemon: nss_ldap: could not search LDAP server - Server is unavailable

As I mentioned earlier, the server is running fine. I would expect domain authentication to be failing if the LDAP server can't be reached (as the log points out) but that isn't the case. I have a 50 workstation environment with a couple of laptops and all my users are able to login and connect to the shares without any trouble. Also, the server loads (as displayed by htop) look pretty good to me.

So I guess my question is, is this normal behaviour or should I be worried?

nickgrim
Kismet Agbasi

1 Answer


That's not normal behavior. Also, your screenshot is too small to read.

Try to telnet to port 389. If you can connect, it means it's probably not a port issue. If you can't connect, then it means something else is taking over that port or you have a firewall/selinux issue.

If it's a firewall issue, either turn selinux off or configure selinux properly if you have it. Then verify iptables has port 389 open.

If it's not a firewall issue, you'll need to start slapd sooner in your crontab/init.d scripts:

First, edit the chkconfig line in /etc/rc.d/init.d/slapd to chkconfig: - 27 73, write, quit, then:

chkconfig --del slapd
chkconfig slapd on
service slapd stop
service slapd start

You could test your LDAP server by using an LDAP query tool, like: ldapadmin http://www.ldapadmin.org/

If you're able to connect, then congrats, it's working like it should. If you're unable to connect, it probably means your slapd service is overloaded.

When you use htop, highlight all the text on the screen with your mouse, then copy it into a text file and paste it into your question here.

Try to see if your slapd has users authenticating:

getent passwd

If you get a list of ldap users, it means your slapd service is working, but getting overloaded and causing your issue. I can't see your htop results, so I can't say whether or not that makes sense.

Note: Your workstations may have credentials cached if they're Windows boxes, which means they might not be authenticating against the LDAP server after the first time (they might try again at a later time, but they don't always).

CIA
  • Sorry for the long delay, it appears my ldap server is getting overloaded. Although, I can't seem to figure out why. I only have about 40 users actively connected at any given time. – Kismet Agbasi Apr 02 '14 at 00:37
  • What other services are running on your box? What does `top` say? – CIA Apr 05 '14 at 22:33
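A set of shell checks covering the steps in the answer above (is port 389 answering, does slapd start before the services that need it, does getent resolve LDAP users) plus a way to tell whether the several slapd rows seen in htop are threads of one daemon rather than separate processes. This is an added example, not code from the question or the answer. It assumes SysV init as on CentOS 5 / ClearOS 5 (init scripts under /etc/rc.d/init.d with a "chkconfig:" header), that the dbus init script is named messagebus, and that nc and ldapsearch are installed for the live checks; the sample log lines and ps output embedded in it are constructed.

```shell
#!/bin/sh
# Diagnostic helpers for the slapd / nss_ldap problem discussed above.
# Added example, not code from the original question or answer.
# Assumptions: SysV init as on CentOS 5 / ClearOS 5 (init scripts under
# /etc/rc.d/init.d with a "# chkconfig: <levels> <start> <stop>" header),
# syslog writing to /var/log/messages, the dbus init script being named
# messagebus, and nc/ldapsearch available for the live checks.

# Start priority from an init script's chkconfig header: prints "27" for
# "# chkconfig: - 27 73". Lower numbers start earlier, so every consumer of
# LDAP (messagebus, smb, any nss_ldap client) needs a higher start number
# than slapd, or it logs "Can't contact LDAP server" at boot.
chkconfig_start_prio() {
    awk '/^#[ \t]*chkconfig:/ {
            sub(/^#[ \t]*chkconfig:[ \t]*/, "")
            print $2
            exit
         }' "$1"
}

# Summarise nss_ldap bind failures from syslog lines on stdin:
# prints "<count> <first timestamp> <last timestamp>".
nss_ldap_failures() {
    awk '/nss_ldap: failed to bind to LDAP server/ {
            n++
            ts = $1 " " $2 " " $3
            if (n == 1) first = ts
            last = ts
         }
         END { printf "%d %s %s\n", n, first, last }'
}

# Number of distinct slapd processes in "ps -eLo pid,comm" output on stdin.
# htop shows every thread on its own row by default, so several "slapd"
# rows are usually one multi-threaded daemon; this counts PIDs, not threads.
slapd_process_count() {
    awk '$2 == "slapd" { seen[$1] = 1 }
         END { n = 0; for (p in seen) n++; print n }'
}

# Live checks, to be run on the server itself: sh diag.sh run
run_diagnostics() {
    printf 'slapd start priority: %s\n' "$(chkconfig_start_prio /etc/rc.d/init.d/slapd)"
    printf 'messagebus start priority: %s\n' "$(chkconfig_start_prio /etc/rc.d/init.d/messagebus)"
    printf 'distinct slapd processes: %s\n' "$(ps -eLo pid,comm | slapd_process_count)"
    printf 'nss_ldap failures in /var/log/messages: %s\n' "$(nss_ldap_failures < /var/log/messages)"
    if nc -z -w 3 localhost 389; then
        echo 'port 389: open'
        # Anonymous root-DSE query: proves slapd answers, not just that the port is open.
        ldapsearch -x -H ldap://localhost -b '' -s base '(objectclass=*)' namingContexts
    else
        echo 'port 389: closed (slapd not running, or blocked by iptables)'
    fi
    # If getent lists LDAP users, nss_ldap is resolving against slapd right now.
    getent passwd | tail -n 5
}

# Constructed sample input, shaped like the two lines quoted in the question.
SAMPLE_LOG=$(cat <<'EOF'
Sep 30 02:02:23 server1 dbus-daemon: nss_ldap: failed to bind to LDAP server ldap://localhost: Can't contact LDAP server
Sep 30 02:02:23 server1 dbus-daemon: nss_ldap: could not search LDAP server - Server is unavailable
Sep 30 02:02:32 server1 dbus-daemon: nss_ldap: failed to bind to LDAP server ldap://localhost: Can't contact LDAP server
EOF
)

# Constructed "ps -eLo pid,comm" excerpt: one slapd with two threads plus a second slapd.
SAMPLE_PS=$(cat <<'EOF'
  PID COMMAND
 1234 slapd
 1234 slapd
 1235 slapd
 1300 httpd
EOF
)

case "${1:-}" in
    run) run_diagnostics ;;
esac
```

The three parsing functions run offline on the embedded samples; `sh diag.sh run` executes the live checks on the box. A start priority for messagebus that is lower than slapd's explains the boot-time messages on its own, and a slapd process count of 1 means the htop rows are threads, not extra daemons.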