I have a very strange effect on my webgateways (version 220.127.116.11.0).
The webgateways get the uid of the user from a squid in front of the filter. This is working fine.
Now, the webgateways should check an openldap directory for group-memberships.
The extract of the uid (Authentication.RawUsername) works fine.
At this point the webgateway sends an LDAP search request to the LDAP server, but often, and here is my problem, it closes the connection with a <FIN ACK> directly after the request.
The result is that the LDAP didn't answer the request and I have no group memberships.
If I reload the requested website, sometimes the webgateway doesn't send the <FIN ACK> and the LDAP will answer with the correct values (the LDAP request is the same). After this point browsing works for some minutes.
Has anybody seen this before? I have no idea what I can do.
I would recommend opening a case.
The FIN ACK is not a problem; this is Web Gateway gently closing the connection with the LDAP server. We need to find out WHY the Web Gateway is closing the connection.
I would almost guess that the LDAP server may not be responding in a timely manner, therefore MWG tears the connection down.
Tcpdumps can contain sensitive information, therefore I would recommend opening a case with the capture you described. Please also include a feedback. Do not post it here.
I have opened a case and sent traces to it in parallel, because sometimes the community is faster and maybe somebody has seen this in the past.
The <FIN ACK> happens ~0.00002 seconds after the LDAP searchRequest, so I think the response time is not the issue.
Just for info, if someone has the same issue.
We've found the cause.
The problem was that the Connection Lifetime at the directory server was lower than the value configured at "Connection Live check" at the webgateway. We have decreased the Connection Live check to below the value at the LDAP server and now it's working.
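
The cause described in the last post, as a simplified timing model (an added example, not part of the thread and not Web Gateway code). It assumes a single pooled LDAP connection, a server that drops it after `server_idle_timeout` seconds without traffic, and a client that only notices at its next live check; all names and values are constructed for illustration.

```python
"""Timing model of one pooled LDAP connection (assumed behaviour, not vendor code)."""


def simulate(request_times, server_idle_timeout, client_check_interval):
    """Return [(time, ok)] for each group lookup sent over the pooled connection.

    Assumptions of this model:
      * the connection is opened at t=0;
      * the server silently drops it after server_idle_timeout seconds of no traffic;
      * every client_check_interval seconds the client runs a live check, which
        counts as traffic and reconnects if the server had already dropped it;
      * a lookup written to a dropped connection fails (the client sees the
        close, tears the socket down and reconnects for the next lookup).
    """
    last_activity = 0.0
    next_check = float(client_check_interval)
    results = []
    for t in sorted(request_times):
        # Run every live check that was due before this lookup.
        while next_check <= t:
            last_activity = next_check
            next_check += client_check_interval
        # The connection is usable only if the server has not idled it out.
        ok = (t - last_activity) < server_idle_timeout
        results.append((t, ok))
        # Success is traffic; failure triggers a reconnect. Both reset the idle clock.
        last_activity = float(t)
    return results


def failed_lookups(request_times, server_idle_timeout, client_check_interval):
    """Times of the lookups that hit a connection the server had already closed."""
    return [t for t, ok in simulate(request_times, server_idle_timeout,
                                    client_check_interval) if not ok]


# Constructed sample: seconds at which a user request triggers a group lookup.
SAMPLE_REQUESTS = [10, 30, 200, 205, 210, 400, 410]

if __name__ == "__main__":
    # (server idle timeout, client live-check interval) in seconds, constructed values.
    for timeout, interval in ((60, 300), (60, 30)):
        failed = failed_lookups(SAMPLE_REQUESTS, timeout, interval)
        print(f"server timeout {timeout}s, client check {interval}s -> failed at {failed}")
```

With the check interval above the server timeout, the first lookup after each quiet period fails and the following ones succeed, which matches the "reload and it works for a while" pattern; with the interval below the timeout, no lookup fails.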