LDAP Connection Issues

ldap

#1

Last two days I have been getting LDAP connection errors. These errors prevent users from logging on. We have a number of other services that use LDAP, including our mail server and Phabricator, none of which have had a problem. The DC doesn't show any errors in Event Viewer. The issue seems to resolve itself after several hours or after I reboot the ownCloud machine. Is it possible for issues like this to be caused by high disk usage and slow mysql queries?

Not sure about steps to reproduce, because I'm not sure what the cause of the issue is.

Steps to reproduce
1. Get MySQL to use high CPU
2. Try logging in.

Expected behaviour
Tell us what should happen
LDAP should connect or provide more meaningful error messages.

Actual behaviour
Tell us what happens instead
LDAP won't connect and users can't login. Non-LDAP users can login.

Server configuration
Operating system: Ubuntu 16
Web server: Apache 2.4.18
Database: mysql 5.7
PHP version: 7
ownCloud version (see ownCloud admin page):
Updated from an older ownCloud or fresh install: fresh
Special configuration (external storage, external authentication, reverse proxy, server-side-encryption): external storage, LDAP to windows DC

ownCloud log (data/owncloud.log)

"reqId":"iSwTz7+ERM63frf6ytiM","remoteAddr":"192.168.16.225","app":"webdav","message":"Exception: {\"Message\":\"HTTP\\/1.1 503 OC\\ServerNotAvailableException: Lost connection to LDAP server.\",\"Exception\":\"Sabre\\DAV\\Exception\\ServiceUnavailable\",\"Code\":0,\"Trace\":\"#0 \\/var\\/www\\/owncloud\\/3rdparty\\/sabre\\/dav\\/lib\\/DAV\\/Auth\\/Plugin.php(163): OCA\\DAV\\Connector\\Sabre\\Auth->check(Object(Sabre\\HTTP\\Request), Object(Sabre\\HTTP\\Response))\n#1 [internal function]: Sabre\\DAV\\Auth\\Plugin->beforeMethod(Object(Sabre\\HTTP\\Request), Object(Sabre\\HTTP\\Response))\n#2 \\/var\\/www\\/owncloud\\/3rdparty\\/sabre\\/event\\/lib\\/EventEmitterTrait.php(105): call_user_func_array(Array, Array)\n#3 \\/var\\/www\\/owncloud\\/3rdparty\\/sabre\\/dav\\/lib\\/DAV\\/Server.php(446): Sabre\\Event\\EventEmitter->emit('beforeMethod', Array)\n#4 \\/var\\/www\\/owncloud\\/3rdparty\\/sabre\\/dav\\/lib\\/DAV\\/Server.php(248): Sabre\\DAV\\Server->invokeMethod(Object(Sabre\\HTTP\\Request), Object(Sabre\\HTTP\\Response))\n#5 \\/var\\/www\\/owncloud\\/apps\\/dav\\/appinfo\\/v1\\/webdav.php(57): Sabre\\DAV\\Server->exec()\n#6 \\/var\\/www\\/owncloud\\/remote.php(164): require_once('\\/var\\/www\\/ownclo...')\n#7 {main}\",\"File\":\"\\/var\\/www\\/owncloud\\/apps\\/dav\\/lib\\/Connector\\/Sabre\\/Auth.php\",\"Line\":153,\"User\":\"REDACTED"}","level":4,"time":"2017-03-22T06:02:07+00:00","method":"PROPFIND","url":"\/owncloud\/remote.php\/webdav\/","user":"REDACTED"}

{"reqId":"1aiwZpL8IZHrjboAo\/Uf","remoteAddr":"192.168.16.147","app":"user_ldap","message":"Error when searching: Can't contact LDAP server code -1","level":3,"time":"2017-03-22T06:01:45+00:00","method":"PROPFIND","url":"\/owncloud\/remote.php\/webdav\/","user":"REDACTED"}


#2

Yes, I have seen this same behavior when MySQL responses are slow. LDAP is not the problem, it's your database server.

It's not clear from your writeup, but it appears that you are running MySQL on the same server as ownCloud. I'd move it to it's own server, with lots of memory. Then you'll want to tune MySQL. There are plenty of tips in this forum and in the older ownCloud forums. ownCloud is heavily, heavily dependent on a performant database.


#3

Thanks!

I did some performance tuning (increased innodb buffer pool size substantially). That seems to do the trick.

They are running on the same server. I will look at moving MySQL off if the problem occurs again.

Kind of a misleading error.