#329 LDAP connexion hangs after a few months (?!)

Reporter theanarcat
Owner Waqas
Created
Updated
Stars ★★★ (4)
Tags
  • Priority-Medium
  • Status-Fixed
  • Milestone-0.10
  • Type-Defect
  1. theanarcat on

    *What steps will reproduce the problem?*

    1. install prosody & configure LDAP support (https://wiki.koumbit.net/ProsodyConfiguration)
    2. have a few users having irregular conversations (client: irssi-plugin-xmpp)
    3. wait 4 months

    *What is the expected output? What do you see instead?*

    I was expecting Prosody to run forever. ;) Instead, it crashes with this awful error message:

    ```
    Feb 20 15:48:26 c2s29ce210 info Client connected
    Feb 20 15:48:30 xmppclient_listener error Traceback[c2s]: /usr/lib/prosody/modules/mod_auth_ldap.lua:21: LuaLDAP: Can't contact LDAP server:
    stack traceback:
        /usr/lib/prosody/net/xmppclient_listener.lua:62: in function </usr/lib/prosody/net/xmppclient_listener.lua:62>
        [C]: in function 'search'
        /usr/lib/prosody/modules/mod_auth_ldap.lua:21: in function 'find_userdn'
        /usr/lib/prosody/modules/mod_auth_ldap.lua:40: in function 'test_password'
        /usr/lib/prosody/modules/mod_auth_ldap.lua:67: in function 'plain_test'
        /usr/lib/prosody/util/sasl/plain.lua:63: in function </usr/lib/prosody/util/sasl/plain.lua:37>
        (tail call): ?
        /usr/lib/prosody/modules/mod_saslauth.lua:76: in function </usr/lib/prosody/modules/mod_saslauth.lua:65>
        (tail call): ?
        /usr/lib/prosody/util/events.lua:67: in function 'fire_event'
        /usr/lib/prosody/core/stanza_router.lua:135: in function </usr/lib/prosody/core/stanza_router.lua:44>
        ...
        [C]: in function 'parse'
        /usr/lib/prosody/util/xmppstream.lua:200: in function 'feed'
        /usr/lib/prosody/net/xmppclient_listener.lua:145: in function 'data'
        /usr/lib/prosody/net/xmppclient_listener.lua:161: in function </usr/lib/prosody/net/xmppclient_listener.lua:158>
        (tail call): ?
        /usr/lib/prosody/net/server_select.lua:820: in function </usr/lib/prosody/net/server_select.lua:802>
        [C]: in function 'xpcall'
        /usr/bin/prosody:427: in function 'loop'
        /usr/bin/prosody:494: in main chunk
        [C]: ?
    ```

    The LDAP server *CAN* be reached properly with `ldapsearch`, and if Prosody is restarted, authentication resumes like normal.

    *What version of the product are you using? On what operating system?*

    prosody-0.8.2-1 on Debian squeeze. Note that I use a variation of the built-in LDAP module from: http://scm.stefant.org/svn/tools/stuff/trunk/patches/prosody/mod_auth_ldap.lua

    For reasons explained well here: https://groups.google.com/forum/?fromgroups=#!topic/prosody-dev/KC6HYRauQXc

  2. apazga on

    Same error here. It happens every day with 6 users using it. Latest version of Prosody 0.9.4-1~wheezy1, and using 5 Pidgin + 1 Adium as clients.

  3. MattJ on

    Hi, thanks for confirming that this affects more than one system. What LDAP server (+version) do you use?

    Changes
    • owner MattJ
  4. apazga on

    You are welcome! :) It's OpenLDAP Server 2.4.23-7.2. Please, find attached the mod_auth_ldap.lua that we are using. And thank you very much for your fast answer!

    Attachments
  5. MattJ on

    Two more pieces of information if possible: your LuaLDAP version, and is your LDAP server on the same machine as Prosody or is it remote? One theory: is there a firewall/router between Prosody and the LDAP server that might be timing out idle connections?

  6. apazga on

    LuaLDAP version (1.1.0)

    ```
    ls -lha /usr/lib/x86_64-linux-gnu/lua/5.1/lualdap.so
    /usr/lib/x86_64-linux-gnu/lua/5.1/lualdap.so -> lualdap.so.1.1.0
    ```

    We use it every day, and this just happens once/twice a day and we have to stop/start it to keep it working and hit reconnect in clients. There is a Firewall, but we are using it from the internal network. Anyway, 5222 port is opened for client connections when we are outside.

  7. MattJ on

    The problem isn't the connection between the clients and Prosody (on 5222), that seems fine. The problem is the connection between Prosody and OpenLDAP. I wondered if they are on the same server, or if there is a router/firewall between the two servers...

  8. apazga on

    Mmmmm... sorry I misunderstood it. That makes sense, let me check it and do some tests and I'll tell you as soon as possible. Thanks!

  9. apazga on

    Ok, we changed the timeout from 30 minutes to unlimited, to check if this is the problem. I'll tell you in a few days if it happened again or hopefully not ;).

  10. MattJ on

    Thanks! I'm just adding a milestone so we don't forget. I'm setting it to 0.10, because that's the release for which we plan to merge LDAP support directly into Prosody.

    Changes
    • tags Milestone-0.10 Status-Accepted
  11. apazga on

    Ok, "ping" expired message appeared in Pidgin (this is the message that appeared before too). But in the server logs I didn't see the "Can't contact to LDAP Server". Again I need to stop & start Prosody service. I just enabled again the debug mode, to see what is the last thing that happens at Server before crashing.

  12. apazga on

    Hi again. Same error happened. I attached the debug log file of the event that caused the error. I just replaced user names for user1, user2, etc, real domain for mydomain, etc. Hope it helps!

    Attachments
  13. apazga on

    New test:

    - Set no limit in FW
    - Leave a session opened all the night, and it kept logged in with no errors.
    - Other 5 sessions were closed.

    When we tried to use it today, the session that was opened all night still works, but the other ones couldn't log in, and the same error "Can't connect to LDAP server" appears until I stop and start the server to let the other users log in. Hope it helps!

  14. runeson on

    Any update on this issue? I have the same problem, just started using prosody and this hit me a few days after installing prosody with LDAP support. LDAP connection works again after a prosody restart.

    Info about my setup:

    Prosody server

    - Ubuntu 14.04
    - Prosody installed from prosody repos, version 0.9.4-1~trusty1
    - Lua-ldap installed from ubuntu repos, version 1.1.0-1-geeac494-5
    - I'm not using the "stefant" version of mod_auth_ldap, I'm using "latest" from hg.

    LDAP server

    - Windows 2008 R2 std, Active Directory (I'm not operating this server so I don't know much more about it than that it works fine for all other services, mantis issue tracker, apache/svn, openfire, owncloud)

  15. Waqas on

    I just committed a series of patches, and this should be fixed now. mod_auth_ldap now connects lazily to LDAP, and retries the connection when it fails. I'm marking this as fixed. Please test, and let us know if there are any issues.

    Changes
    • tags Status-Fixed
  16. Waqas on

    Changes
    • owner Waqas
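
The behaviour described in comment 15 (connect lazily, retry when the connection fails), as an added Lua example that is not the committed mod_auth_ldap code. `new_ldap_client`, `with_conn`, `connect` and the fake server are hypothetical names, and no real LuaLDAP call is used so that it runs offline.

```lua
-- Added example, not Prosody's code. `connect` is a hypothetical function that
-- opens and binds a connection, returning a handle or nil, err.
local function new_ldap_client(connect, max_attempts)
    local conn                       -- stays nil until the first lookup (lazy)
    local client = {}
    -- Runs op(handle). Returns true, result or false, err.
    function client.with_conn(op)
        local last_err
        for _ = 1, max_attempts do
            if not conn then conn, last_err = connect() end
            if conn then
                local ok, result = pcall(op, conn)
                if ok then return true, result end
                last_err = result
                pcall(conn.close, conn)  -- discard the stale handle
                conn = nil
            end
        end
        return false, last_err       -- caller must reject the login (fail closed)
    end
    return client
end

-- Constructed stand-in for an LDAP server whose idle connections get dropped.
local opened, last_handle = 0, nil
local function fake_connect()
    opened = opened + 1
    last_handle = { alive = true }
    function last_handle:search(uid)
        if not self.alive then error("LuaLDAP: Can't contact LDAP server") end
        return "uid=" .. uid .. ",ou=people,dc=example,dc=org"
    end
    function last_handle:close() self.alive = false end
    return last_handle
end

local function lookup(c) return c:search("user1") end
local client = new_ldap_client(fake_connect, 2)
assert(opened == 0)                  -- nothing is opened at module load
assert(client.with_conn(lookup) and opened == 1)
last_handle.alive = false            -- the idle connection dies silently
local ok, dn = client.with_conn(lookup)
assert(ok and opened == 2)           -- one reconnect, no restart needed
print(dn)

-- Server really down: every attempt fails, so the result is false and an error.
local down = new_ldap_client(function() return nil, "connection refused" end, 2)
local ok2, err = down.with_conn(lookup)
assert(ok2 == false and err == "connection refused")
```

The retry count is bounded, and a `false` result has to be treated as an authentication failure rather than a crash or an implicit success.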
