0 Replies Latest reply on Apr 18, 2018 3:42 PM by Andrew Watkins

    Solaris 11.4: LDAP Clients may Fail to connect to all AD/LDAP straight away

    Andrew Watkins

      Hi,

       

      I have noticed that with Solaris 11.4 the ldap_cachemgr (svc:/network/ldap/client:default) only connects to 1 of my 3 LDAP servers (Active Directory) at startup, and then after 5 mins (300 seconds) it finally connects to the others. I have tried it on different Solaris 11.4 machines and the AD server it connects to is different (i.e. host A => ldap1, host B => ldap3), so it is not at the AD end.

       

      Naturally, Solaris 11.3 does not have this problem, and it only happens for LDAPS connections.

       

      Is anyone else noticing this, or does anyone have any debug pointers?

       

      # svcadm restart ldap/client:default
      # /usr/lib/ldap/ldap_cachemgr -g

      cachemgr configuration:
      server debug level          0
      server log file "/var/ldap/cachemgr.log"
      number of calls to ldapcachemgr          8

      cachemgr cache data statistics:
      Configuration refresh information:
        Configured to NO REFRESH.
      Server information:
        Previous refresh time: 2018/04/18 13:54:07
        Next refresh time:     2018/04/18 13:59:07
        server: ldap01.dcs.bbk.ac.uk, UNKNOWN/UNKNOWN, status: ERROR
          vendor: UNKNOWN, version: UNKNOWN
          last seen: UNKNOWN, round trip: N/A
          error message: Can not get the root DSE from server ldap01.dcs.bbk.ac.uk (openConnection: failed to start TLS security on ldap://ldap01.dcs.bbk.ac.uk:636 (Can't contact LDAP server))
        server: ldap02.dcs.bbk.ac.uk, AD/RAWSSL, status: UP
          vendor: Microsoft Corporation, version: UNKNOWN
          last seen: 2018/04/18 13:54:07, round trip: 13.395 ms
        server: ldap03.dcs.bbk.ac.uk, UNKNOWN/UNKNOWN, status: ERROR
          vendor: UNKNOWN, version: UNKNOWN
          last seen: UNKNOWN, round trip: N/A
          error message: Can not get the root DSE from server ldap03.dcs.bbk.ac.uk (openConnection: failed to start TLS security on ldap://ldap03.dcs.bbk.ac.uk:636 (Can't contact LDAP server))
      Cache data information:
        Maximum cache entries:          256
        Number of cache entries:          0

      # cat /var/ldap/cachemgr.log
      Wed Apr 18 13:54:07.2050 Starting ldap_cachemgr, logfile /var/ldap/cachemgr.log
      Wed Apr 18 13:54:07.2178        getldap_get_rootDSE: Can not get the root DSE from server ldap03.dcs.bbk.ac.uk (openConnection: failed to start TLS security on ldap://ldap03.dcs.bbk.ac.uk:636 (Can't contact LDAP server)).
      Wed Apr 18 13:54:07.2182        getldap_get_rootDSE: Can not get the root DSE from server ldap01.dcs.bbk.ac.uk (openConnection: failed to start TLS security on ldap://ldap01.dcs.bbk.ac.uk:636 (Can't contact LDAP server)).
      Wed Apr 18 13:54:07.2234        sig_ok_to_exit(): parent exiting...
      Wed Apr 18 13:54:07.2236        getldap_set_refresh_ttl:(6) refresh ttl is 300 seconds

       

      After 5 mins:

      # /usr/lib/ldap/ldap_cachemgr -g

      cachemgr configuration:
      server debug level          0
      server log file "/var/ldap/cachemgr.log"
      number of calls to ldapcachemgr         12

      cachemgr cache data statistics:
      Configuration refresh information:
        Configured to NO REFRESH.
      Server information:
        Previous refresh time: 2018/04/18 13:59:07
        Next refresh time:     2018/04/18 14:04:07
        server: ldap01.dcs.bbk.ac.uk, AD/RAWSSL, status: UP
          vendor: Microsoft Corporation, version: UNKNOWN
          last seen: 2018/04/18 13:59:07, round trip: 10.231 ms
        server: ldap02.dcs.bbk.ac.uk, AD/RAWSSL, status: UP
          vendor: Microsoft Corporation, version: UNKNOWN
          last seen: 2018/04/18 13:59:07, round trip: 8.501 ms
        server: ldap03.dcs.bbk.ac.uk, AD/RAWSSL, status: UP
          vendor: Microsoft Corporation, version: UNKNOWN
          last seen: 2018/04/18 13:59:07, round trip: 8.718 ms
      Cache data information:
        Maximum cache entries:          256
        Number of cache entries:          0

       

      Thanks,

       

      Andrew
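
An added example, not part of the original post: a small shell filter for the `ldap_cachemgr -g` report shown above that lists the configured servers whose status is not UP, so the state where the client is relying on a single LDAPS server can be alerted on. The function names are made up for this example, and the sample input is taken from the first report in the post (trimmed).

```shell
#!/bin/sh
# Added example (not from the original post): parse `ldap_cachemgr -g`
# output and report which configured LDAP servers are not UP.

# Emit "host<TAB>type<TAB>status<TAB>error" for each server stanza on stdin.
parse_cachemgr() {
    awk '
    function emit() {
        if (host != "") printf "%s\t%s\t%s\t%s\n", host, type, status, err
    }
    /^[ \t]*server: / {
        emit()
        line = $0; sub(/^[ \t]*server: /, "", line)
        split(line, f, /, */)
        host = f[1]; type = f[2]; status = f[3]; err = ""
        sub(/^status: /, "", status)
        next
    }
    /^[ \t]*error message: / { err = $0; sub(/^[ \t]*error message: /, "", err) }
    END { emit() }'
}

# Print the hosts whose status is anything other than UP.
down_servers() { parse_cachemgr | awk -F '\t' '$3 != "UP" { print $1 }'; }

# Sample input: stanzas copied from the first report in the post (trimmed).
sample_report() {
    cat <<'EOF'
Server information:
  Previous refresh time: 2018/04/18 13:54:07
  server: ldap01.dcs.bbk.ac.uk, UNKNOWN/UNKNOWN, status: ERROR
    vendor: UNKNOWN, version: UNKNOWN
    error message: Can not get the root DSE from server ldap01.dcs.bbk.ac.uk (openConnection: failed to start TLS security on ldap://ldap01.dcs.bbk.ac.uk:636 (Can't contact LDAP server))
  server: ldap02.dcs.bbk.ac.uk, AD/RAWSSL, status: UP
    vendor: Microsoft Corporation, version: UNKNOWN
  server: ldap03.dcs.bbk.ac.uk, UNKNOWN/UNKNOWN, status: ERROR
    error message: Can not get the root DSE from server ldap03.dcs.bbk.ac.uk (openConnection: failed to start TLS security on ldap://ldap03.dcs.bbk.ac.uk:636 (Can't contact LDAP server))
EOF
}

# On a live host: /usr/lib/ldap/ldap_cachemgr -g | down_servers
sample_report | down_servers
```

Running it shortly after `svcadm restart ldap/client:default` and again after the 300-second refresh shows whether the set of non-UP servers clears on its own, as it did in the post.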