Aw: LDAP-Problems after Update Kolab 16

guldendraak at gmx.net guldendraak at gmx.net
Sun Jul 24 15:22:07 CEST 2016


Hi Roland

this sounds really familiar. Yesterday I spent about 5 hours troubleshooting a similar problem. Here is what I did, maybe it is helpful to you as well, but first some info about my setup:

- Kolab 16 on CentOS, latest package versions (some were updated on the 22nd this month)
- multi domain installation as per instructions from here: https://docs.kolab.org/howtos/multi-domain.html

It turns out that wallace has a problem with certain combinations of the modules. This is what I found (defined in /etc/kolab/kolab.conf):

;modules = resources, invitationpolicy, footer  # NOK!
;modules = invitationpolicy                     # OK
;modules = resources                            # OK
;modules = footer                               # OK
;modules = invitationpolicy, resources          # NOK!
;modules = invitationpolicy, footer             # OK
;modules = resources, footer                    # OK

When using one of the settings marked with NOK, I get these symptoms:

- postmap -q ldap:/<path-to-file> completely fails (timeout)
- Users are no longer able to log in
- Wallace and Kolab randomly use 100% CPU
- systemctl restart wallace takes forever (like several minutes), but as soon as this command is issued, logons are possible again, even before the command completes

When Wallace uses 100% CPU, an strace attached to the process shows extremely rapid polling attempts to one of the file descriptors opened by dirsrv. This seems to make dirsrv completely unresponsive also for other clients, therefore logins and postmap don't work while this is happening. I spent the good part of my time trying to troubleshoot dirsrv only to find out that it doesn't have an issue at all.

As a side note: this only started happening _after_ I upgraded some kolab packages on the 22nd (if I remember correctly, some packages were upgraded from 0.8.1 to 0.8.3). Before, Wallace would simply do nothing regarding the invitation policy, but at least it wasn't killing the system. I am wondering what happens if we just not use wallace at all. Do you know the complete list of things it is supposed to do in Kolab?

Cheers

> Gesendet: Sonntag, 24. Juli 2016 um 14:26 Uhr
> Von: "Roland Kolb" <roland.kolb at ib-ulherr.de>
> An: users at lists.kolab.org
> Betreff: LDAP-Problems after Update Kolab 16
>
> Hi all,
> 
> after the update of Kolab 16 (Centos7) I get problems connecting to Kolab.
> 
> A few times per day the connection to the ldap server will be lost. A 
> login to a mail account isn't possible. After about 30min the connection 
> to the ldap server is possible again and also a login the the mail account.
> When I lool into the log files I found
> 
> kolab postfix/trivial-rewrite[21915]: warning: dict_ldap_lookup: Search 
> error -5: Timed out
> kolab postfix/trivial-rewrite[21915]: warning: 
> ldap:/etc/postfix/ldap/mydestination.cf: table lookup problem
> 
> Has somebody an idea what happens why the connection will be lost? My 
> ldap-server
> 
> 389-ds-base.x86_64           (1.3.4.0-32.el7_2)
> 389-ds-base-libs.x86_64    (1.3.4.0-32.el7_2)
> 
> Thanks
> 
> Roland
> _______________________________________________
> users mailing list
> users at lists.kolab.org
> https://lists.kolab.org/mailman/listinfo/users
> 


More information about the users mailing list