-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Martin,
On 1/9/17 9:01 AM, Martin Knoblauch wrote: > Hi everyone, > > just in case the "final" solution is of interest: the problem was > as usual in the configuration. We did not set the following > directive for the LDAP connection pool: > > LDAPConnectionPoolTTL #seconds > > If the directive is missing, a value of "-1" is implied, meaning > "keep connections open for ever". The LDAP server on the other side > sets an "idle connection timeout" of 600 seconds. As a result a > lookup would fail if it happened 600+ seconds after the first usage > of the connection. 600 seconds is exactly the lifetime of the LDAP > cache. Given the time of the year, usage of the test/integ/devel > environment is minimal and there were no "new" lookups during the > cache lifetime, leading to the repeated failures... > > Setting > > LDAPConnectionPoolTTL 60 > > > solved the problem for good. > > Happy New Year !!! Thanks for coming-back and explaining the problem. Looks like I was right about LDAP. It seems like mod_auth_ldap should be a little more chatty when problems like that happen. :( - -chris -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJYdTtkAAoJEBzwKT+lPKRYfV0P+QFGQO5dMSHuiyhwmOLH9i12 2LPnzrYRmqaFNekYiXoHfP1pEU2OCcGArUXz33jyaa3b+QijKljBzH6UZ8fiPDWU zqM9CaidqGk5ot/qmpUMtH4xHIyaL+VG4cvqxGR235cdz8x/iWazloduMWw0ZWzP mHXZMp7LXEMwgYG3/dGSrHTXeRsjtOyH3wtck8L5qsNg8PV2GyVi/iC9fP9ZwXRM 5/9MMVHr0LvttXDKyUA5ekRKZLHkZRucx4e6kBn79TR3CLdjYbJVH7ruCsZVRnDz cwU6dKQ5ehk3F27KZrG+RcKVXO9PudU6Wm4JySAh+d+FtfaWZda/wQAFIvqcgweP CawPgkp6E1tsDGQ4ju3gw/S95WMSHZhD3ga6NLto5Q56wGVM71bEXiNrBeK7MMQ9 HZRMzd5A6WkUOc7u7BqQYPM1BjIRcVVm1tgNBZjT8OqKR2+cH6LwqfLnotQbWpLM TO/h3LAF8KKnO4n/eGmM7azicObjQLIzvSog97ivK55m51euWfFKQs7goBFq8Ef7 y49O8toXesfRhHjUkXM6ltm3xBY19qXR2AWUzpAaLxYiZMETml0sUylTLEMUVwLT YuEU1VO+7dyiXfHBB829sWhC3I97cBc6UCoXg00TzQqrIvFsYy0/Ok5YQ2CCG6Qy THm9D9TDqX3dZ/Lc+AJe =rVs7 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
