Hello

I've found one problem

I have latest openldap release 2.4.3 (but it is similar on former versions too).

There is small delay (1-2s) on beginning when I query ldap server from the same machine over TLS or SSL. Without SSL is no delay.

Is it bug or is it normal? How can I debug it more?

QUERY with delay: from ldap1 to ldap1 (the same machine) [root@ldap1 ~]# ldapsearch24 -Z -h ldap1.ldapnet.tmapy.cz -x -s sub -D "cn=Manager,dc=tmapy,dc=cz" -b 'dc=tmapy,dc=cz' -w p*****d

QUERY without delay: from ldap1 to ldap1 (the same machine without TLS) [root@ldap1 ~]# ldapsearch24 -h ldap1.ldapnet.tmapy.cz -x -s sub -D "cn=Manager,dc=tmapy,dc=cz" -b 'dc=tmapy,dc=cz' -w p*****d from ldap1 to ldap2 [root@ldap1 ~]# ldapsearch24 -Z -h ldap2.ldapnet.tmapy.cz -x -s sub -D "cn=Manager,dc=tmapy,dc=cz" -b 'dc=tmapy,dc=cz' -w p*****d from ldap2 to ldap1 [root@ldap2 ~]# ldapsearch24 -Z -h ldap1.ldapnet.tmapy.cz -x -s sub -D "cn=Manager,dc=tmapy,dc=cz" -b 'dc=tmapy,dc=cz' -w p*****d

I think my DNS/hosts settings are correct

My testing environment:

servers: ldap1.ldapnet.tmapy.cz ldap2.ldapnet.tmapy.cz ldap3.ldapnet.tmapy.cz

from ldap1 config: slapd.conf TLSCACertificateFile /etc/pki/tls/cacert.pem TLSCertificateFile /etc/pki/tls/certs/ldap1.ldapnet.tmapy.cz-cert.pem TLSCertificateKeyFile /etc/pki/tls/private/ldap1.ldapnet.tmapy.cz-key.pem

[root@ldap1 ~]# hostname ldap1.ldapnet.tmapy.cz

[root@ldap1 ~]# grep ldap1 /etc/hosts 192.168.241.10 ldap1.ldapnet.tmapy.cz

[root@ldap1 ~]# ifconfig eth0 eth0 inet adr:192.168.241.10 Všesměr:192.168.241.255 Maska:255.255.255.0

[root@ldap1 ~]# grep ldap1 /etc/pki/tls/certs/ldap1.ldapnet.tmapy.cz-cert.pem Subject: C=CS, ST=Kraj kralovehradecky, O=T-MAPY spol. s r.o.,OU=ldapnet, CN=ldap1.ldapnet.tmapy.cz

Pavel Lisy