
Re: OD master LDAP instability



From what I can gather and the people I've talked to, Apple are aware of the issue.

My experience with the instability was on a dual G5 Xserve and an old G4 tower set up as a test replica, for reference.


On 31 Jan 2005, at 13:56, Matt Richard wrote:

I have run 2.1 in the past, and by itself it is perfectly stable. The problem points are where Apple integrates OpenLDAP with OD code and Password Server. I have seen similar crashes, but only on dual-CPU servers.

There is also a problem with the way OD clients pick the replica they want to use. From my experience it seems like the clients grab the information from cn=ldapreplicas,cn=config,dc=example,dc=edu which has a list of all the valid OD servers. After that the client starts using the first server in the list, which is the OD master. If the OD master is unavailable, the clients will switch to another replica.

There is also a problem with LDAP clients using cleartext (or simple) authentication. Sometimes the slapd process hangs with 100% CPU. Sometimes slapd incorrectly denies an authentication request. I'd look to see if the Red Hat clients are using simple authentication or if they are able to do SASL LDAP binds for authentication.

I'm sure Apple is working on these problems, but I suggest you tell Apple about them yourself, if you hope to get them fixed. I'd suggest opening a case or submitting a bug through the Developer site.

-Matt

At 10:37 AM +0000 1/31/05, Richard Pride wrote:
As far as I have been informed (please correct me if I'm wrong), there is an issue with the version of OpenLDAP that Apple ships in the server software. They use 2.1, which is allegedly buggy compared to 2.2, which is the accepted stable series.

I had an issue with an OD master which kept crashing out. I had around 150 10.3 Macs, and somewhere in the region of 350 Red Hat clients authenticating off it.

So we moved on to plan v2.0: we created an OD replica for the Red Hat boys in case it was being caused by network issues between buildings on campus. The same thing happened to the OD replica: CPU use went through the roof and the machine would hang. The cause seemed to tie in with when users first logged in in a lecture and there was a large amount of passwords being changed.

We ended up ditching the RH boxes authenticating off the server and et voila the CPU issues ceased..

Does anyone else have similar experiences?


On 31 Jan 2005, at 10:20, Matt Jenns wrote:

Hi all,

Have a customer with around 300+ 10.3.7 clients connected to an OD. I set it up three weeks ago and they've been slowly adding machines into the system. The master (dual G4 Xserve, 10.3.7) has in the last week had a series of slapd crashes (two or three a day, seemingly load related). The log shows that the crashed thread seems to have something to do with password server, e.g.:

Thread 3 Crashed:
0 <<00000000>> 0xffff8acc __memcpy + 0x32c
1 libpscrammd5.2.so 0x001c2d54 cr_getsecret + 0x80
2 libsasl2.2.0.1.dylib 0x9450db5c _plug_get_password + 0x138
3 libpscrammd5.2.so 0x001c4f88 crammd5_server_plug_init + 0x318
4 libsasl2.2.0.1.dylib 0x94507b80 sasl_client_step + 0xf8
5 libpscrammd5.2.so 0x001c39b0 DoSASLAuth + 0x1fc
6 libpscrammd5.2.so 0x001c41a0 DoPSCRAMMD5Auth + 0x298
7 libpscrammd5.2.so 0x001c48a4 DoPSCRAMMD5Auth + 0x99c
8 libsasl2.2.0.1.dylib 0x945034f8 sasl_server_step + 0x100



I'm hoping it's just a load issue, but the two main AFP servers (dual G5 Xserves, 10.3.7) are both OD replicas, yet hardly any client ever seems to use them. If I look at all three boxes' LDAP connections right now, for example, I get this:


[master:~] root# lsof -i | grep slapd | wc -l
      139
[bdata:~] root# lsof -i | grep slapd | wc -l
       3
[adata:~] root# lsof -i | grep slapd | wc -l
       7

Not great.

In the absence of any better ideas, I'm adding a StartupItem that will randomly pick an LDAP server, use ipfw to block the other two, restart DirectoryService, and then flush ipfw again. What sort of load are others seeing on their LDAP boxes? Is it worth adding an idle timeout to slapd.conf?

thanks in advance

matt jenns


--
Matt Richard
Access and Security Coordinator
Computing Services
Franklin & Marshall College
email@hidden
(717) 291-4157

Richard Pride

Senior IT Technician - Mac Support, Video Post and New Media.
Bournemouth Media School.

Apple Centre of Excellence

Tel : (01202) 595040

 "So we went to Atari and said, 'Hey, we've got this
  amazing thing, even built with some of your parts,
  and what do you think about funding us?  Or we'll
  give it to you.  We just want to do it.  Pay our
  salary, we'll come work for you.'  And they said,
  'No.'  So then we went to Hewlett-Packard, and they
  said, 'Hey, we don't need you.  You haven't got
  through college yet.'"
  --Apple Computer Inc. founder Steve Jobs on attempts
    to get Atari and H-P interested in his and Steve
    Wozniak's personal computer.

The day Microsoft make something that doesn't suck will be the day they start making vacuum cleaners
References: 
 >OD master LDAP instability (From: Matt Jenns <email@hidden>)
 >Re: OD master LDAP instability (From: "Richard Pride" <email@hidden>)
 >Re: OD master LDAP instability (From: Matt Richard <email@hidden>)
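
Added example (not part of the thread or of Apple's or OpenLDAP's code): one way to act on the suggestion above to check whether clients are doing simple or SASL binds, by tallying bind methods per client from slapd's connection log. It assumes slapd is logging at the "stats" level and writes ACCEPT, "TLS established" and BIND lines in the format shown; the hosts, DNs and addresses in the sample are constructed.

```python
import re
from collections import defaultdict

# Constructed slapd "stats" log lines (not taken from the thread).
SAMPLE_LOG = """\
Jan 31 10:01:02 master slapd[412]: conn=1001 fd=14 ACCEPT from IP=10.0.1.21:49152 (IP=0.0.0.0:389)
Jan 31 10:01:02 master slapd[412]: conn=1001 op=0 BIND dn="uid=alice,cn=users,dc=example,dc=edu" method=128
Jan 31 10:01:03 master slapd[412]: conn=1002 fd=15 ACCEPT from IP=10.0.2.40:38211 (IP=0.0.0.0:389)
Jan 31 10:01:03 master slapd[412]: conn=1002 op=0 BIND dn="" method=163
Jan 31 10:01:04 master slapd[412]: conn=1003 fd=16 ACCEPT from IP=10.0.1.21:49153 (IP=0.0.0.0:636)
Jan 31 10:01:04 master slapd[412]: conn=1003 op=0 BIND dn="uid=bob,cn=users,dc=example,dc=edu" method=128
Jan 31 10:01:05 master slapd[412]: conn=1004 fd=17 ACCEPT from IP=10.0.1.22:50001 (IP=0.0.0.0:389)
Jan 31 10:01:05 master slapd[412]: conn=1004 op=0 BIND dn="" method=128
"""

ACCEPT = re.compile(r"conn=(\d+) fd=\d+ ACCEPT from IP=([\d.]+):\d+ \(IP=[\d.]+:(\d+)\)")
BIND = re.compile(r'conn=(\d+) op=\d+ BIND dn="([^"]*)" method=(\d+)')
TLS = re.compile(r"conn=(\d+) fd=\d+ TLS established")  # assumed StartTLS log line
SIMPLE, SASL = "128", "163"  # LDAP bind method tags as slapd logs them

def bind_methods_by_client(log_text):
    """Return {client_ip: {"simple_clear": n, "simple_tls": n, "sasl": n}}."""
    conns = {}  # conn id -> [client_ip, protected_by_tls]
    stats = defaultdict(lambda: {"simple_clear": 0, "simple_tls": 0, "sasl": 0})
    for line in log_text.splitlines():
        if m := ACCEPT.search(line):
            conns[m.group(1)] = [m.group(2), m.group(3) == "636"]  # 636 = ldaps
        elif (m := TLS.search(line)) and m.group(1) in conns:
            conns[m.group(1)][1] = True
        elif m := BIND.search(line):
            conn, dn, method = m.groups()
            if conn not in conns:
                continue  # ACCEPT line is missing from this log; cannot attribute
            ip, tls = conns[conn]
            if method == SASL:
                stats[ip]["sasl"] += 1
            elif method == SIMPLE and dn:  # empty DN = anonymous bind, no password
                stats[ip]["simple_tls" if tls else "simple_clear"] += 1
    return dict(stats)

def cleartext_clients(log_text):
    """Client IPs that sent a password in a simple bind without TLS."""
    return sorted(ip for ip, s in bind_methods_by_client(log_text).items()
                  if s["simple_clear"])

if __name__ == "__main__":
    print(bind_methods_by_client(SAMPLE_LOG))
    print("cleartext simple binds from:", cleartext_clients(SAMPLE_LOG))
```
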
