Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

troubleshooting LDAP on fedora

Posted on 2011-03-03
7
Medium Priority
?
667 Views
Last Modified: 2012-05-11
I have recently been tasked with troubleshooting some issues with some Fedora 14 servers. There are several servers and they use LDAP for authentication which is located on one of the Fedora servers.

however the mounts on the servers will become unavailable every 1-2 weeks. At that time the LDAP server has to be restarted and then the mounts are available again. Right now these servers are not critical, but we are going to be relying on them more and more.

Now I have used Fedora a little bit and have a very basic understanding of it. I am primarily a Windows system admin. But I need to start trouble shooting these issues.

What I need is a place to start to find out what the issues are. I am sure that there are log files somewhere that will point me in the correct direction, but I have not the slightest on where to start looking.

Does anyone have any clue where to start looking, or where I can start looking to get more information for you?
0
Comment
Question by:ryan80
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 12

Expert Comment

by:upanwar
ID: 35034237
Please give us details about the following point so that we can help you out.

1. You are using openldap and fedora directory server ?

2. You said that "the mounts on the servers will become unavailable every 1-2 weeks". Mounts on ldap server or ldap server has exported some NFS share which become unavailable.

3. Mounts are local File System or Network filesystem.

4. If mounts become unavailable on LDAP server then please share output of df -h and cat /etc/fstab from LDAP server.

0
 
LVL 12

Author Comment

by:ryan80
ID: 35037493
Thanks for fast reply.

1. I believe that it is directory server. I am not 100% sure how to tell, but I went into /etc and looked into the openldap folder and it looked to be default. I went into the dirsvr folder and there are some folder that match the server name. I also went into the log folder for dirsrv and found some entries in the error log.

Not listening for new connections - too many fds open

2. I believe that the mounts in question are NFS shares from the LDAP server. they use autofs to mount them on demand.

3. The mounts in question are NFS

4. I on the LDAP server there is the /boot which is on /dev/sda1, the root is on a logvol00 which is on sda2, and the moutns in question are from a SAN /dev/mapper/mpath0p1. this last one mapper/mpath0p1, this is the connection to the SAN i assume and this is a multipathing device for the Fibre Channel?
0
 
LVL 12

Expert Comment

by:upanwar
ID: 35038899
I am sure that if you run ulimit -a command then you will get the file discriptors as 1024 so please increase them as per the following.

I have faced the same issue.

     echo "fs.file-max = 64000" >> /etc/sysctl.conf
     
     echo "* soft nofile 8192" >> /etc/security/limits.conf
     
     echo "* hard nofile 8192" >> /etc/security/limits.conf
     
     echo "ulimit -n 8192" >> /etc/profile

    sysctl -p

   source /etc/profile


0
Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

 
LVL 12

Accepted Solution

by:
upanwar earned 2000 total points
ID: 35039019
You will more info about performance tuning of your directory server by visiting below given URL.

http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html/Performance_Tuning_Guide/system-tuning.html
0
 
LVL 12

Author Comment

by:ryan80
ID: 35040265
thanks, this looks like a great place to start. one last question,

the last 2 commands that you have there, sysctl -p and source.  

when I run sysctl -p, will those setting take effect immediately?

Also when I run source /etc/profile, I see that there are several scripts that are in there. should I do this at a time when people are not using the server?

I guess that I am just wondering how disruptive this will be.

also would the variables in the sysctl.conf and profile that were already there, have been loaded when the system restarted?

Just want to make sure that i dont cause any issues when these commands are run.
0
 
LVL 12

Expert Comment

by:upanwar
ID: 35041329
We use sysctl -p to bring the changes in effect without reboot so anytime you can use that.

Source command we use to source that particular file and read the changes without reboot so you can immediately do that it will not harm your system or otherwise when you will reboot your system next time the change will in effect after reboot and you don't need to execute both the command.


0
 
LVL 12

Author Closing Comment

by:ryan80
ID: 35041448
Thank you very much for the help. I will apply this and see if this issue happens again.

In looking through the sysctl settings I also saw that the tcp keep alive is 2 hours, so I will be lowering that as well.

Thank you for all your help.
0

Featured Post

Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Fine Tune your automatic Updates for Ubuntu / Debian
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Suggested Courses

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question