Frequent Bad Gateway error when Directory Service is enabled

  • When I have Directory Service enabled, I have frequent Bad Gateway 504 errors. Presumably this has something to do with user-related dialogs, easily reproduced by selecting Access Rights Management/User. wbinfo returns users nice and quick, but within OMV Web Interface, it's very slow, and usually will time out. If I click on Group, it returns after several seconds with groups in AD. I wouldn't say the my AD is very big: 426 groups and 424 users

    Einmal editiert, zuletzt von bkeadle () aus folgendem Grund: 504 errors, not 502 errors

  • winbindd cache setting is already set to 6 minutes. Seems like this might be some nginx setting to wait longer for results? But again, wbinfo queries for users come back almost immediately.


    I see a reference to sssd in these forums, but I don't have /etc/sssd/sssd.conf. Is that some missing piece I *need*? Again, the Group return, but Users will eventually produce an nginix 504 Bad Gateway error.


    What more can I provide to help assist?

    • Offizieller Beitrag

    sssd and realmd are a more modern way of using ad of all flavors. They discover most settings automatically. Getting settings wrong seems to be the driving force for these two packages.


    It would be really nice if they could be built into a plugin. I don't have the skills to do that and no one with the skills has stepped up. Couple of links to look at. First one is mine and I keep threatening to update it. Works on windows and a few others. It only uses sssd. I wrote a script there. I added some comments to the sssd.conf file. I had no luck with realmd but that is not an authoritative answer.


    https://forum.openmediavault.o…Directory-LDAP-Revisited/


    https://forum.openmediavault.o…-Active-Directory-domain/


    This one uses both. Seems to work for samba ad and maybe others.


    What type server are you connecting to? I will be in the back country till Monday.


    I only have a few users but it is almost instant response. Not sure about 450 users.

  • AD Server 2016


    I did find the 2 threads your provided, but wasn't sure if I should proceed with that. I will and see if I get better behavior.


    Thanks for your reply.

  • Followed the threads best I could, but it was a fail.


    realmd apparently not available for v2.x - but proceeded anyway thinking perhaps it wasn't necessary. Maybe it is.


    I put things back the way I had it. getent passwd returns users immediately, as does wbinfo commands. But, on Access Rights Management/User, it spins "Loading..." and eventually gives a 504 Gateway Time-out error. Is there a setting that I can extend the wait so perhaps the users will show up...just to confirm it's a time out issue?


    However, now when I select Group, it returns the local groups instead of my AD group. Previously, it at least returned my AD group. sssd service is stopped.

  • Ah ha! donh I found notes from 4/8/2016 when I was fighting this issue before. Perhaps this will ring a bell and help you suggest a resolution:


    /usr/sbin/omv-rpc "UserMgmt" "getUserList" '{"start":0,"limit":null,"sortfield":null,"sortdir":null}'


    does in fact return a user list after 65 seconds, but presumably not before nginix times out with the 504 error. Not sure what's taking so long when wbinfo -u returns a full list immediately.


    /usr/sbin/omv-rpc "UserMgmt" "getGroupList" '{"start":0,"limit":25,"sortfield":"name","sortdir":"ASC"}'


    returns the group list in just a couple seconds.


    My notes say:

    But that's not making much sense to me now.

  • Well, I'm not getting a user list in short order! What I did was modify /usr/share/openmediavault/engined/rpc/usermgmt.inc thusly:


    /**
    * Enumerate users.
    * @param type The user type, e.g. system, normal or all.
    * @return An array containing user objects with following fields:
    * name, UID, GID, comment, home directory, and shell program,
    * last changed, minimum, maximum, warn, inactive, expire and
    * reserved.
    ...
    if (TRUE === $append) {
    $result[] = array(
    "name" => $user->getName(),
    "uid" => $user->getUid(),
    "gid" => $user->getGid(),
    "comment" => $user->getGecos(),
    "dir" => $user->getHomeDirectory(),
    "shell" => $user->getShell(),
    "lastchanged" => $user->getLastChanged(),
    "minimum" => $user->getMinimum(),
    "maximum" => $user->getMaximum(),
    "warn" => $user->getWarn(),
    "inactive" => $user->getInactive(),
    "expire" => $user->getExpire(),
    "reserved" => $user->getReserved(),
    "groups" => $user->getGroups(),
    "system" => $system
    );
    }
    }
    return $result;


    Interestingly, even though the email Comment Groups is not shown on the Users page, if I open the user, I *DO* see the comment field and the Groups memberships in Groups tab of the user.


    So, presumably all the information trying to be retrieved in the array is excessive...but, is it necessary?

Jetzt mitmachen!

Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!