[prev in list] [next in list] [prev in thread] [next in thread]
List: shibboleth-users
Subject: RE: Strange warnings from IdP 3.2.1
From: "Domingues, Michael D" <michael-domingues () uiowa ! edu>
Date: 2016-04-27 13:04:50
Message-ID: BN1PR0401MB0900AE279F1EDF013B35ACAEEA640 () BN1PR0401MB0900 ! namprd04 ! prod ! outlook ! com
[Download RAW message or body]
Having looked at my configuration, that was the only change I had to make, though in \
my environment, it was 60 seconds that did the trick. Obviously, the ideal time will \
be site specific, depending upon what infrastructure you're dealing with. In my case, \
I had to deal with the interaction of the load-balancer timeout at five minutes, LDAP \
server timeout of never-used connections at two minutes, and the fact that when a \
connection pool is initialized, the constituent connections get tested on first use \
(or checkout) rather than on creation.
Best,
Michael
-----Original Message-----
From: users [mailto:users-bounces@shibboleth.net] On Behalf Of Gerd Schering
Sent: Wednesday, April 27, 2016 7:58 AM
To: users@shibboleth.net
Subject: Re: Strange warnings from IdP 3.2.1
Hello Michael,
that seems to be the good idea! I set idp.pool.LDAP.validatePeriod = 20 and the \
warnings vanished. But 20 s seems very short to me, so I think I will contact our \
network staff.
Thanks a lot. If you made any other configuration changes to help this issue, please \
let me know.
Best,
Gerd
On 27.04.2016 14:14, Domingues, Michael D wrote:
>
> Sent that last message a bit too soon. As an explanatory follow up, while I was \
> building out our IdPv3 clusters, I encountered that error when connections to our \
> LDAP environment were getting killed by our F5 load balancer due to inactivity.
> I don't remember the specific configuration change I made off-hand, but it involved \
> dropping the verification query interval to less than the load balancer's \
> keep-alive window. Will follow-up with details once I get into the office, unless \
> someone else chimes in before then.
> Michael
> ________________________________________
> From: Domingues, Michael D
> Sent: Wednesday, April 27, 2016 7:05:43 AM
> To: Shib Users
> Subject: Re: Strange warnings from IdP 3.2.1
>
> Hello Gerd,
>
> What is the default timeout on an inactive connection to your LDAP server? Also, is \
> there a load-balancing device in front of your LDAP server(s) by any chance?
> Best,
> Michael Domingues
> Directory and Authentication Services, AIS, ITS University of Iowa
> ________________________________________
> From: users <users-bounces@shibboleth.net> on behalf of Gerd Schering
> <gerd.schering@tu-berlin.de>
> Sent: Wednesday, April 27, 2016 6:36:06 AM
> To: Shib Users
> Subject: Strange warnings from IdP 3.2.1
>
> Hi,
>
> I'm using a fresh install of IdP 3.2.1.
> Everything is working, but I get strange warnings in the idp-warn/process.logs:
>
> 2016-04-27 13:17:28,748 - WARN
> [org.ldaptive.AbstractOperation$ReopenOperationExceptionHandler:277] -
> Operation exception encountered, reopening connection
> 2016-04-27 13:17:28,810 - WARN
> [org.ldaptive.AbstractOperation$ReopenOperationExceptionHandler:277] -
> Operation exception encountered, reopening connection
> 2016-04-27 13:17:28,860 - WARN
> [org.ldaptive.AbstractOperation$ReopenOperationExceptionHandler:277] -
> Operation exception encountered, reopening connection
> 2016-04-27 13:17:29,015 - WARN
> [org.ldaptive.AbstractOperation$ReopenOperationExceptionHandler:277] -
> Operation exception encountered, reopening connection
> 2016-04-27 13:17:29,073 - WARN
> [org.ldaptive.AbstractOperation$ReopenOperationExceptionHandler:277] -
> Operation exception encountered, reopening connection
> 2016-04-27 13:17:29,120 - WARN
> [org.ldaptive.AbstractOperation$ReopenOperationExceptionHandler:277] -
> Operation exception encountered, reopening connection
>
> Each time that happens, exactly 6 messages. I could figure out that
> the time interval between subsequent warnings gets controlled by the
> idp.pool.LDAP.validatePeriod parameter, set in ldap.properties.
>
> Such warnings were an issue in version 3.1 of the IdP.
> But as said, I use version 3.2.1 and it is a fresh install not an upgrade.
> By the way, the staus page of the IdP says:
> DataConnector myLDAP: has never failed.
>
> Any hints will be appreciated,
> Gerd
>
> --
> ------------------------------------------------------
> -- Gerd Schering, Email: Schering@tubit.TU-Berlin.DE--
> ------------------------------------------------------
> --
> To unsubscribe from this list send an email to
> users-unsubscribe@shibboleth.net
>
--
------------------------------------------------------
-- Gerd Schering, Email: Schering@tubit.TU-Berlin.DE--
-- TU Berlin, tubIT IT-Service-Center --
-- Sekr. E-N 50, Einsteinufer 17, 10587 Berlin --
-- phone: +49 30 314 24383, fax: +49 30 314 21060 --
------------------------------------------------------
--
To unsubscribe from this list send an email to users-unsubscribe@shibboleth.net
--
To unsubscribe from this list send an email to users-unsubscribe@shibboleth.net
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic