CodexBloom - Programming Q&A Platform

Implementing PAM Authentication Timing Out on CentOS 7 While Using LDAP

👀 Views: 70 💬 Answers: 1 📅 Created: 2025-08-06
ldap centos7 pam authentication plaintext

I'm performance testing, I'm refactoring my project, I'm working on a personal project, and I'm experiencing a frustrating scenario where PAM authentication via LDAP on my CentOS 7 server times out intermittently. The server is configured to authenticate against an OpenLDAP server. After a successful login attempt, I sometimes receive a timeout behavior, and the user is unable to log in.

The relevant configuration in my `/etc/pam.d/system-auth` file looks like this:

```plaintext
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth required pam_ldap.so use_first_pass
account required pam_unix.so
account sufficient pam_ldap.so
password required pam_unix.so nullok sha512 shadow try_first_pass use_authtok
password sufficient pam_ldap.so use_authtok
session required pam_limits.so
session required pam_unix.so
session optional pam_ldap.so
```

I've been testing the LDAP connection using `ldapsearch` and it seems to work fine when queried directly, as follows:

```bash
ldapsearch -x -H ldap://ldap.example.com -b "dc=example,dc=com" -D "cn=admin,dc=example,dc=com" -W
```

This command returns the expected results without any delays. However, when users try to log in, we see the following behavior in `/var/log/secure`:

```plaintext
sshd[12345]: pam_ldap: ldap_bind: need to contact LDAP server
```

I've checked the network and firewall settings, and everything appears to be in order. The LDAP server is reachable, and there aren't any noticeable latency issues. This behavior seems to happen more frequently during peak hours when many users are attempting to authenticate simultaneously. I've tried adjusting the `timelimit` and `idle` settings in the `ldap.conf` file, but that didn't seem to help.

Has anyone else faced a similar scenario with PAM and LDAP on CentOS 7? What could be causing these intermittent timeout errors, and how can I resolve them? This is part of a larger CLI tool I'm building. Any ideas what could be causing this?
I'm working in a Linux environment. Any feedback is welcome!
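
To test the observation that the failures cluster at peak hours, the following added example (not part of the original post) buckets sshd sessions from a `/var/log/secure`-style log by hour and counts the sessions that logged the pam_ldap bind message quoted above. The sample lines, the host name `web01`, the traditional syslog timestamp format and the 0.5 threshold are assumptions made for illustration.

```python
import re

# Assumed traditional syslog layout: "Aug  6 09:15:02 host sshd[123]: message"
LINE_RE = re.compile(
    r"^[A-Z][a-z]{2}\s+\d{1,2}\s+(?P<hour>\d{2}):\d{2}:\d{2}\s+"
    r"\S+\s+sshd\[(?P<pid>\d+)\]:\s+(?P<msg>.*)$"
)
# Message text exactly as quoted in the question's /var/log/secure excerpt.
LDAP_FAIL = "pam_ldap: ldap_bind: need to contact LDAP server"

# Constructed sample lines (not taken from the original post).
SAMPLE_LOG = """\
Aug  6 03:10:11 web01 sshd[2001]: Accepted password for alice from 10.0.0.5 port 50122 ssh2
Aug  6 09:00:41 web01 sshd[2101]: Accepted password for bob from 10.0.0.6 port 50310 ssh2
Aug  6 09:01:02 web01 sshd[2102]: pam_ldap: ldap_bind: need to contact LDAP server
Aug  6 09:01:03 web01 sshd[2102]: Failed password for carol from 10.0.0.7 port 50311 ssh2
Aug  6 09:01:05 web01 sudo: pam_unix(sudo:session): session opened for user root
Aug  6 09:01:07 web01 sshd[2103]: pam_ldap: ldap_bind: need to contact LDAP server
Aug  6 09:02:15 web01 sshd[2104]: pam_ldap: ldap_bind: need to contact LDAP server
Aug  6 14:30:00 web01 sshd[2301]: Accepted password for dave from 10.0.0.8 port 50400 ssh2
Aug  6 14:31:10 web01 sshd[2302]: pam_ldap: ldap_bind: need to contact LDAP server
Aug  6 14:33:45 web01 sshd[2303]: Accepted password for erin from 10.0.0.9 port 50401 ssh2
"""

def bind_failures_by_hour(text):
    """Return {hour: (failed_sessions, total_sessions)}, one count per sshd PID."""
    seen, failed = {}, {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip non-sshd or malformed lines
        hour, pid = int(m["hour"]), m["pid"]
        seen.setdefault(hour, set()).add(pid)
        if LDAP_FAIL in m["msg"]:
            failed.setdefault(hour, set()).add(pid)
    return {h: (len(failed.get(h, ())), len(p)) for h, p in sorted(seen.items())}

def peak_hours(stats, min_rate=0.5):
    """Hours in which at least min_rate of sshd sessions logged a bind failure."""
    return [h for h, (bad, total) in stats.items() if total and bad / total >= min_rate]

if __name__ == "__main__":
    stats = bind_failures_by_hour(SAMPLE_LOG)
    for hour, (bad, total) in stats.items():
        print(f"{hour:02d}:00  sshd sessions={total:3d}  ldap bind failures={bad:3d}")
    print("suspect hours:", peak_hours(stats))
```

To run it against a real log, pass the contents of `/var/log/secure` to `bind_failures_by_hour` in place of `SAMPLE_LOG`.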