ASHTI performed relatively well throughout the 2003-2004 and 2004-2005 years. It suffered a hard disk failure in spring 2005. Since it was not under service plan, I opted to repurpose a pair of old (but compatible) 18G drives from KE to bring it back into service. While it was down, SITH acted as the primary LDAP server. In conjunction with bringing ASHTI back into service, I upgraded to the latest hotfix for Sun ONE Directory Server.
Early fall semester, 2005, I rebuilt SITH to be a mirror LDAP server using the same Jumpstart image as ASHTI. Both are currently online in dual-master mode.
I set the connection timeout parameter to 0 to disable connection timeouts on the server.
This seems to have been the cause of all the connection "closed error 11 (Resource temporarily unavailable)" errors, which were in turn probably the cause of MacOS X boxes not being able to authenticate properly. The previous setting was 10 seconds, and the average idle time for connections that ended with this error was between 9 and 10 seconds (sometimes greater than that, but if we're talking about an alarm that a thread sets, then it could very well be greater, or it could also be that some sort of keepalive traffic had been sent but not logged in the access log).
Tue Jun 17 14:20
We haven't had any more errors in the LDAP logs and MacOS X logons are working consistently now.
slapd, the LDAP daemon on ASHTI, has now died twice unexpectedly. I have written a short script to make sure that its PID is still present in /proc every minute and to restart it if not.
I have done the final OS install and directory server setup on ASHTI. It is ready for migration.
ASHTI (SunFire V120) is going to be the new LDAP directory server. I have performed the final Jumpstart using Solaris 9, Directory Server configuration. See ASHTI's TWiki page for specifications of this machine.
The Sun ONE Directory Server is configured as server ID ashti and has an SSL certificate for directory.earlham.edu (which is going to be the official CNAME for LDAP). It is all ready to go; at this point we need to finalize the import procedure from SHANTI's flat files before we can do the final cutover.
Other things that need to be set up: