Monday Jan 14, 2008

Unable to retrieve a backend BIND/MODIFY/SEARCH connection

 


If you are working with Sun Java System Directory Proxy Server (aka DPS) 6.0+ and noticing the following error, you might be interested in this article:

/app/dps/slapd-dps/logs $ ldapsearch -D "uid=ldapadmin,ou=admins,dc=abc,dc=com" -w password -b "dc=abc,dc=com" -p 389 uid=user1 dn
ldap_simple_bind: Operations error
ldap_simple_bind: additional info: Unable to retrieve a backend BIND connectioN

For some of you, the message may refer to a different operation type, such as ADD or SEARCH. However, the reason stays the same. As is evident from the message, there is no connection available in the pool to serve the request. If you have the default DPS settings, you would very likely see it when your DPS instance is stressed. By default, the MAX connections in a pool is set to 1024, and that should generally suffice for a normal DPS instance.
I see this when I stress my DPS instance with SLAMD. Typically, a stress test utilizes all the available connections, forcing new clients to wait for a connection to be free.

Internally, a worker thread waits for the time specified in connectionPoolTimeoutInMillisec before declaring that no connection is available. The attribute connectionPoolTimeoutInMillisec resides under cn=config and its default value is 3000.

If this troubles you frequently, it means that the number of connections in your pool isn't sufficient. You can either set the MAX to a higher value (the default is 1024) or increase the timeout to a higher value (or 0 for an infinite wait).
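To see how the two settings trade off, here is a small simulation added for illustration; it is not DPS code. It assumes a simplified model in which every request holds one backend connection for a fixed time, and the function names, the load shape and the 4000 ms hold time are constructed for the example.

```python
import heapq

def simulate(arrivals_ms, pool_max, hold_ms, timeout_ms):
    """Simplified model (an assumption, not DPS internals): each request needs
    one backend connection for hold_ms and waits at most timeout_ms for one
    to become free (0 = wait forever). Returns (served, rejected)."""
    free_at = [0] * pool_max           # min-heap: when each connection is next free
    served = rejected = 0
    for t in sorted(arrivals_ms):
        start = max(t, free_at[0])     # earliest moment any connection is free
        if timeout_ms and start - t > timeout_ms:
            rejected += 1              # client sees "Unable to retrieve a backend ... connection"
            continue
        heapq.heapreplace(free_at, start + hold_ms)  # that connection is busy until then
        served += 1
    return served, rejected

def compare(clients=3000, hold_ms=4000):
    """Constructed stress load: one new client per millisecond, each keeping
    its connection for hold_ms. 1024 and 3000 are the defaults quoted above."""
    load = range(clients)
    return {
        "defaults (1024, 3000 ms)": simulate(load, 1024, hold_ms, 3000),
        "larger pool (4096, 3000 ms)": simulate(load, 4096, hold_ms, 3000),
        "longer timeout (1024, 10000 ms)": simulate(load, 1024, hold_ms, 10000),
        "infinite wait (1024, 0)": simulate(load, 1024, hold_ms, 0),
    }

if __name__ == "__main__":
    for name, (served, rejected) in compare().items():
        print(f"{name:34} served={served:5} rejected={rejected:5}")
```

A longer or infinite timeout removes the errors in this model only by making clients wait, so a sustained overload still shows up as latency rather than as failed operations.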

Wednesday Dec 12, 2007

Checking configuration in DPS

A quick recap of the commands to verify the configuration:

bash-3.00# dpconf info -p 5390
Enter "cn=Proxy Manager" password:
Instance Path : /space/dps_tiko
Host Name : void
Port : 5390
Secure port : 5636
SSL server certificate : defaultServerCert
Server version : Directory Proxy Server 6.2 (More recent than "dpconf" version)

bash-3.00# dpconf get-server-prop -p 5390
Enter "cn=Proxy Manager" password:
allow-cert-based-auth : deny
allow-ldapv2-clients : true

bash-3.00# dpconf list-ldap-data-sources -p 5390
Enter "cn=Proxy Manager" password:
dsmmuc05

bash-3.00# dpconf get-ldap-data-source-prop -p 5390 dsmmuc05
Enter "cn=Proxy Manager" password:
bind-dn : none
bind-pwd : none
client-cred-mode : use-client-identity
connect-timeout : 10s

bash-3.00# dpconf list-ldap-data-source-pools -p 5390
Enter "cn=Proxy Manager" password:
MasterPool
defaultDataSourcePool

bash-3.00# dpconf get-ldap-data-source-pool-prop -p 5390 MasterPool
Enter "cn=Proxy Manager" password:
client-affinity-policy : read-write-affinity-after-any
client-affinity-timeout : 20s

bash-3.00# dpconf list-attached-ldap-data-sources -p 5390 MasterPool
Enter "cn=Proxy Manager" password:
dsmmuc05

bash-3.00# dpconf get-attached-ldap-data-source-prop -p 5390 MasterPool dsmmuc05
Enter "cn=Proxy Manager" password:
add-weight : 1
bind-weight : 1
compare-weight : 1

bash-3.00# dpconf list-ldap-data-views -p 5390
Enter "cn=Proxy Manager" password:
MasterView
root data view

About

This is the blog of a software engineer specialized in identity management. Kunal Sinha works in the Directory Services Engineering (OpenDS) team from Austin, Texas.
