Environment
eDirectory 9.0.3
LDAP server configured to use NMAS (NDSD_TRY_NMASLOGIN_FIRST=true)
Situation
NMAS isn't closing connections when an error occurs while trying to use a remote proxy connection.
Segment of ndstrace.log with the NMAS tag enabled:
174900992 NMAS: [2017/10/24 14:44:27.823] 1745617009: Create NMAS Session
174900992 NMAS: [2017/10/24 14:44:27.823] 1745617009: Proxy client address 192.168.0.2:47078
174900992 NMAS: [2017/10/24 14:44:27.823] 1745617009: Trying local password login shortcut for CN=user.OU=employees.OU=people.O=novell
174900992 NMAS: [2017/10/24 14:44:27.825] 1745617009: NMAS Client supplied user DN CN=user.OU=employees.OU=people.O=novell
174900992 NMAS: [2017/10/24 14:44:27.826] 1745617009: ERROR: -659 Creating local session for CN=e13445.OU=employees.OU=people.O=swa-ldap, attempting remote session
174900992 NMAS: [2017/10/24 14:44:27.830] 1745617009: ERROR: -1679 Proxy client not allowed to perform remote login
174900992 NMAS: [2017/10/24 14:44:27.830] 1745617009: NMAS Audit with Audit PA not installed
174900992 NMAS: [2017/10/24 14:44:27.830] 1745617009: Client Session Destroy Request
174900992 NMAS: [2017/10/24 14:44:27.830] 1745617009: Destroy NMAS Session
174900992 NMAS: [2017/10/24 14:44:27.830] 1745617009: Aborted Session Destroyed (with MAF)
174900992 NMAS: [2017/10/24 14:44:27.830] 1745617010: Create NMAS Session
174900992 NMAS: [2017/10/24 14:44:27.831] 1745617010: Proxy client address 10.246.80.23:47078
174900992 NMAS: [2017/10/24 14:44:27.831] 1745617010: NMAS Client supplied user DN CN=user.OU=employees.OU=people.O=novell
174900992 NMAS: [2017/10/24 14:44:27.832] 1745617010: ERROR: -659 Creating local session for CN=user.OU=employees.OU=people.O=novell, attempting remote session
Running netstat -nap | grep 524 will show an ever-increasing number of connections, possibly with many of them in a CLOSE_WAIT state.
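
A tighter version of the netstat check above, as an added example that is not part of the original article: a plain grep for 524 also matches PIDs and other port numbers that merely contain 524, so this counts only sockets whose local or remote port is exactly 524 and tallies them by TCP state. The function names and the sample netstat lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article).
# Tally TCP states for sockets whose local or remote port is exactly 524 (NCP).
# Input: `netstat -nat` or `netstat -nap` output on stdin.

ncp_state_counts() {
    # $1 = port to match (defaults to 524)
    awk -v port="${1:-524}" '
        $1 ~ /^tcp/ {
            # Columns: Proto Recv-Q Send-Q Local Foreign State [PID/Program]
            n = split($4, l, ":"); lport = l[n]   # last ":" field, works for IPv6 too
            m = split($5, f, ":"); fport = f[m]
            if (lport == port || fport == port) count[$6]++
        }
        END { for (s in count) printf "%s %d\n", s, count[s] }
    ' | sort
}

# CLOSE_WAIT = the peer has closed, the local process has not yet closed its socket.
close_wait_count() {
    ncp_state_counts "${1:-524}" |
        awk '$1 == "CLOSE_WAIT" { c = $2 } END { print c + 0 }'
}

# Constructed sample input (documentation addresses, made-up PIDs).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:524             0.0.0.0:*               LISTEN      1524/ndsd
tcp        0      0 192.0.2.10:524          192.0.2.20:47078        ESTABLISHED 1524/ndsd
tcp        1      0 192.0.2.10:41002        192.0.2.11:524          CLOSE_WAIT  1524/ndsd
tcp        1      0 192.0.2.10:41003        192.0.2.11:524          CLOSE_WAIT  1524/ndsd
tcp        0      0 192.0.2.10:5240         192.0.2.30:50000        ESTABLISHED 2001/other
tcp        0      0 192.0.2.10:636          192.0.2.40:35524        ESTABLISHED 1524/ndsd
EOF
}

# Demo on the constructed sample; on a server use: netstat -nat | ncp_state_counts
sample_netstat | ncp_state_counts
```

Sampling close_wait_count at intervals and comparing the values shows whether the CLOSE_WAIT total keeps growing.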
Resolution
A defect has been created for this issue.
Please contact technical support for further assistance and a potential fix until a public release is available.
Cause
NMAS isn't correctly closing connections when an error occurs.