From owner-freebsd-stable@freebsd.org  Fri Dec 27 18:53:17 2019
Return-Path: <owner-freebsd-stable@freebsd.org>
Delivered-To: freebsd-stable@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 856D71CC061
 for <freebsd-stable@mailman.nyi.freebsd.org>;
 Fri, 27 Dec 2019 18:53:17 +0000 (UTC)
 (envelope-from thenomad@gmail.com)
Received: from mail-pf1-x436.google.com (mail-pf1-x436.google.com
 [IPv6:2607:f8b0:4864:20::436])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
 server-signature RSA-PSS (4096 bits)
 client-signature RSA-PSS (2048 bits) client-digest SHA256)
 (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 47kwvG6jwgz4RML
 for <freebsd-stable@freebsd.org>; Fri, 27 Dec 2019 18:53:14 +0000 (UTC)
 (envelope-from thenomad@gmail.com)
Received: by mail-pf1-x436.google.com with SMTP id x6so14027845pfo.10
 for <freebsd-stable@freebsd.org>; Fri, 27 Dec 2019 10:53:14 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=sender:subject:to:references:cc:from:message-id:date:user-agent
 :mime-version:in-reply-to:content-language:content-transfer-encoding;
 bh=P0PKiFrPe4UX20sXvXbfqpN9FfeoAL6Jr1lBdNcys3s=;
 b=cMIq0CyEyaR/zfMAkZAe85a+j8F7R9rFKzSalsnm7vo2VbR2STTu5NTFF74ffoDqt8
 4+vufzf5C/Ma3pJk/3Ze2hBcu4il5+0NAo9n6M+AW0g6243BAh/kXdAVihJW+aT1IZ3F
 gER48TkK5C174yJYLGMo+sCVaZJHoOvNFSFFrsbVjy0Gbal8X9I7onY1ZeaYWidhx3f9
 /tafOyWHkmbxcpRcMSqusSCZl1BLZmWPD/KWiDq9HGCbhYCT01qK/kHIHaB9FaY895nM
 TTH14wwU8AbNYHZZaNoLaQFRQ9EpjanetADzAJ4esvF1SuLmT7WwRpHFd2goo/nWMSbV
 H96w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:sender:subject:to:references:cc:from:message-id
 :date:user-agent:mime-version:in-reply-to:content-language
 :content-transfer-encoding;
 bh=P0PKiFrPe4UX20sXvXbfqpN9FfeoAL6Jr1lBdNcys3s=;
 b=BlaY3lKkgZRmnfgyS+sZjSsvdblwwVUZxp/IAU0SP2QcxfYp3+Qe7vLPBSSYrpvCFD
 vLitsUYUk0W3GQg5dgt2IuezZxUXTA8n5czrX85k7g0UKljy+ZJK87+gN4wUDRHEY2q/
 py4iO5BDHiAPPmWPlTENED7CX0+CiSL/QsRqPie274K9wyA9t6cf0RL/mXekUakGt+38
 q+1xi6l9biOh0k1wj3R34l0qDuGS7VAWMH9SzlWkxc4kdX4WDc6MbrMcYMrr8fB9xWRo
 H9Cf6mGsxLzL+lSPDWbY6rt27EoBmur8S+AAKoeoQBrF7iscdGIrir7Ng0LwEZ6uM7hD
 aZhw==
X-Gm-Message-State: APjAAAVNeaQbtP93ZWQOQPnOiIE3h8OBe47QIZPpzWktL5XCAZYoAo6+
 +4OfwTp8kvY5VljT+lP8WHFJaX9a
X-Google-Smtp-Source: APXvYqzhfbX1CFRM/iHGvoI+1Aa6MSoeZ58xDKeT7KTlokdAf7MR7PzBFfcjIszV11HCubpdwKuuJg==
X-Received: by 2002:a62:7683:: with SMTP id
 r125mr56858939pfc.132.1577472793055; 
 Fri, 27 Dec 2019 10:53:13 -0800 (PST)
Received: from vanyel.ee.washington.edu (vanyel.ee.washington.edu.
 [128.208.232.99])
 by smtp.gmail.com with ESMTPSA id h12sm26469730pfo.12.2019.12.27.10.53.12
 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
 Fri, 27 Dec 2019 10:53:12 -0800 (PST)
Sender: Lee Damon <thenomad@gmail.com>
Subject: Re: ldapsearch stops working after ~4-12 hours (one host of 4)
To: Matt Garber <matt.garber@gmail.com>
References: <23f18d16-7f86-8e94-8cd5-9bed61ea3405@castle.org>
 <CANwXMPM654ewduayedfTBUvbCgTx2yLXFpNeOVxKL3TuRbJX4w@mail.gmail.com>
Cc: freebsd-stable@freebsd.org
From: Lee Damon <nomad@castle.org>
Message-ID: <492d412f-042d-645d-4f29-1e12aacc2d3d@castle.org>
Date: Fri, 27 Dec 2019 10:53:12 -0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:68.0)
 Gecko/20100101 Thunderbird/68.3.1
MIME-Version: 1.0
In-Reply-To: <CANwXMPM654ewduayedfTBUvbCgTx2yLXFpNeOVxKL3TuRbJX4w@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-Rspamd-Queue-Id: 47kwvG6jwgz4RML
X-Spamd-Bar: ----
Authentication-Results: mx1.freebsd.org;
 dkim=pass header.d=gmail.com header.s=20161025 header.b=cMIq0CyE;
 dmarc=none;
 spf=pass (mx1.freebsd.org: domain of thenomad@gmail.com designates
 2607:f8b0:4864:20::436 as permitted sender) smtp.mailfrom=thenomad@gmail.com
X-Spamd-Result: default: False [-4.90 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[];
 TO_DN_SOME(0.00)[];
 R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36];
 RCVD_COUNT_THREE(0.00)[3]; DKIM_TRACE(0.00)[gmail.com:+];
 RCPT_COUNT_TWO(0.00)[2];
 FORGED_SENDER(0.30)[nomad@castle.org,thenomad@gmail.com];
 FREEMAIL_TO(0.00)[gmail.com];
 IP_SCORE(-2.70)[ip: (-9.43), ipnet: 2607:f8b0::/32(-2.16), asn: 15169(-1.88),
 country: US(-0.05)]; MIME_TRACE(0.00)[0:+];
 FREEMAIL_ENVFROM(0.00)[gmail.com];
 ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US];
 FROM_NEQ_ENVFROM(0.00)[nomad@castle.org,thenomad@gmail.com];
 ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0];
 R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025];
 MID_RHS_MATCH_FROM(0.00)[]; FROM_HAS_DN(0.00)[];
 NEURAL_HAM_LONG(-1.00)[-1.000,0]; TAGGED_RCPT(0.00)[];
 PREVIOUSLY_DELIVERED(0.00)[freebsd-stable@freebsd.org];
 DMARC_NA(0.00)[castle.org]; MIME_GOOD(-0.10)[text/plain];
 TO_MATCH_ENVRCPT_SOME(0.00)[];
 RCVD_IN_DNSWL_NONE(0.00)[6.3.4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.b.8.f.7.0.6.2.list.dnswl.org
 : 127.0.5.0]; RCVD_TLS_ALL(0.00)[]
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-stable>, 
 <mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable/>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Dec 2019 18:53:17 -0000

On 12/27/19 09:35 , Matt Garber wrote:
> On Fri, Dec 27, 2019 at 12:10 PM Lee Damon <nomad@castle.org
> <mailto:nomad@castle.org>> wrote:
> 
> 
>     Both times I observed this:
> 
>     : ldapsearch -v -LLL -x -h [redacted].ee.washington.edu
>     <http://ee.washington.edu> -b
>     dc=ee,dc=washington,dc=edu uid=[redacted]
>     ldap_initialize( ldap://[redacted].ee.washington.edu
>     <http://ee.washington.edu> )
>     ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
> 
> 
> Do you have connection/access logs on the LDAP server to verify whether
> a connection is even being established? 

I've asked the people who run those servers for that information.

> Also, are you able to try
> running those same ldapsearch queries with the IP address(es) rather
> than DNS names for your server? The “can’t contact” initially seems more
> like potentially DNS resolution or firewall/connectivity than something
> LDAP related like failure to bind successfully…

The host command returned the correct IP address when I queried it. I
don't remember substituting IP addresses when this happened yesterday
and I know I didn't do it this morning. I'll try that the next time this
happens.

nomad