Are the attributes you are searching on indexed?
Sellers
On Feb 7, 2008, at 11:47 AM, Quanah Gibson-Mount wrote:
--On Thursday, February 07, 2008 10:09 AM +0200 Amir Saad <eng__amir@hotmail.com> wrote:
I set up OpenLDAP & MIT Kerberos successfully. I created a self-signed certificate for OpenLDAP and I configured the server to work only on ldaps. I migrated all existing users and groups to OpenLDAP. Everything was working just perfect till I added a new group object using ldapadd and then deleted it using ldapdelete; since then ldapsearch takes a very long time to complete. It returns the correct results but after a very long time. I tried ldapsearch -d8 to see what is going on and here are the errors I got:

TLS certificate verification: Error, self signed certificate
TLS certificate verification: depth: 0, err: 18, subject: [SOME INFORMATION HERE]
TLS trace: SSL_connect:SSLv3 read server certificate A
TLS trace: SSL_connect:SSLv3 read server done A
TLS trace: SSL_connect:SSLv3 write client key exchange A
TLS trace: SSL_connect:SSLv3 write change cipher spec A
TLS trace: SSL_connect:SSLv3 write finished A
TLS trace: SSL_connect:SSLv3 flush data
TLS trace: SSL_connect:SSLv3 read finished A
TLS trace: SSL3 alert write:warning:bad certificate
TLS: unable to get peer certificate.
Do you think the delay is related to the above? What is wrong with OpenLDAP? I did not touch any configuration, only ldapadd and ldapdelete! This piece of software is very unstable :( Please help.
What version of OpenLDAP? What database backend? Have you actually tuned it correctly? Added indices for the searches you use? etc. I've found OpenLDAP to be both (a) extremely fast and (b) extremely stable.
And yes, you need to fix your cert configuration. It looks like you created an invalid cert.
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
Zimbra :: the leader in open source messaging and collaboration
______________________________________________
Chris G. Sellers | NITLE - Technology Team
734.661.2318 | chris.sellers@nitle.org
AIM: imthewherd | GoogleTalk: cgseller@gmail.com