'RE: Strange warnings from IdP 3.2.1'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       shibboleth-users
Subject:    RE: Strange warnings from IdP 3.2.1
From:       "Domingues, Michael D" <michael-domingues () uiowa ! edu>
Date:       2016-04-27 13:04:50
Message-ID: BN1PR0401MB0900AE279F1EDF013B35ACAEEA640 () BN1PR0401MB0900 ! namprd04 ! prod ! outlook ! com
[Download RAW message or body]

Having looked at my configuration, that was the only change I had to make, though in \
my environment, it was 60 seconds that did the trick. Obviously, the ideal time will \
be site specific, depending upon what infrastructure you're dealing with. In my case, \
I had to deal with the interaction of the load-balancer timeout at five minutes, LDAP \
server timeout of never-used connections at two minutes, and the fact that when a \
connection pool is initialized, the constituent connections get tested on first use \
(or checkout) rather than on creation.

Best,
Michael

-----Original Message-----
From: users [mailto:users-bounces@shibboleth.net] On Behalf Of Gerd Schering
Sent: Wednesday, April 27, 2016 7:58 AM
To: users@shibboleth.net
Subject: Re: Strange warnings from IdP 3.2.1

Hello Michael,

that seems to be the good idea! I set idp.pool.LDAP.validatePeriod = 20 and the \
warnings vanished. But 20 s seems very short to me, so I think I will contact our \
network staff.

Thanks a lot. If you made any other configuration changes to help this issue, please \
let me know.

Best,
Gerd

On 27.04.2016 14:14, Domingues, Michael D wrote:
> 
> Sent that last message a bit too soon. As an explanatory follow up, while I was \
> building out our IdPv3 clusters, I encountered that error when connections to our \
> LDAP environment were getting killed by our F5 load balancer due to inactivity. 
> I don't remember the specific configuration change I made off-hand, but it involved \
> dropping the verification query interval to less than the load balancer's \
> keep-alive window. Will follow-up with details once I get into the office, unless \
> someone else chimes in before then. 
> Michael
> ________________________________________
> From: Domingues, Michael D
> Sent: Wednesday, April 27, 2016 7:05:43 AM
> To: Shib Users
> Subject: Re: Strange warnings from IdP 3.2.1
> 
> Hello Gerd,
> 
> What is the default timeout on an inactive connection to your LDAP server? Also, is \
> there a load-balancing device in front of your LDAP server(s) by any chance? 
> Best,
> Michael Domingues
> Directory and Authentication Services, AIS, ITS University of Iowa 
> ________________________________________
> From: users <users-bounces@shibboleth.net> on behalf of Gerd Schering 
> <gerd.schering@tu-berlin.de>
> Sent: Wednesday, April 27, 2016 6:36:06 AM
> To: Shib Users
> Subject: Strange warnings from IdP 3.2.1
> 
> Hi,
> 
> I'm using a fresh install of IdP 3.2.1.
> Everything is working, but I get strange warnings in the idp-warn/process.logs:
> 
> 2016-04-27 13:17:28,748 - WARN
> [org.ldaptive.AbstractOperation$ReopenOperationExceptionHandler:277] - 
> Operation exception encountered, reopening connection
> 2016-04-27 13:17:28,810 - WARN
> [org.ldaptive.AbstractOperation$ReopenOperationExceptionHandler:277] - 
> Operation exception encountered, reopening connection
> 2016-04-27 13:17:28,860 - WARN
> [org.ldaptive.AbstractOperation$ReopenOperationExceptionHandler:277] - 
> Operation exception encountered, reopening connection
> 2016-04-27 13:17:29,015 - WARN
> [org.ldaptive.AbstractOperation$ReopenOperationExceptionHandler:277] - 
> Operation exception encountered, reopening connection
> 2016-04-27 13:17:29,073 - WARN
> [org.ldaptive.AbstractOperation$ReopenOperationExceptionHandler:277] - 
> Operation exception encountered, reopening connection
> 2016-04-27 13:17:29,120 - WARN
> [org.ldaptive.AbstractOperation$ReopenOperationExceptionHandler:277] - 
> Operation exception encountered, reopening connection
> 
> Each time that happens, exactly 6 messages. I could figure out that 
> the time interval between subsequent warnings gets controlled by the 
> idp.pool.LDAP.validatePeriod parameter, set in ldap.properties.
> 
> Such warnings were an issue in version 3.1 of the IdP.
> But as said, I use version 3.2.1 and it is a fresh install not an upgrade.
> By the way, the staus page of the IdP says:
> DataConnector myLDAP: has never failed.
> 
> Any hints will be appreciated,
> Gerd
> 
> --
> ------------------------------------------------------
> -- Gerd Schering, Email: Schering@tubit.TU-Berlin.DE--
> ------------------------------------------------------
> --
> To unsubscribe from this list send an email to 
> users-unsubscribe@shibboleth.net
> 


--
------------------------------------------------------
-- Gerd Schering, Email: Schering@tubit.TU-Berlin.DE--
-- TU Berlin, tubIT IT-Service-Center               --
-- Sekr. E-N 50, Einsteinufer 17, 10587 Berlin      --
-- phone: +49 30 314 24383, fax: +49 30 314 21060   --
------------------------------------------------------
--
To unsubscribe from this list send an email to users-unsubscribe@shibboleth.net
-- 
To unsubscribe from this list send an email to users-unsubscribe@shibboleth.net


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic