I set up OpenLDAP & MIT Kerberos successfully. I created a self-signed certificate for OpenLDAP and I configured the server to work only on ldaps. I migrated all existing users and groups to OpenLDAP. Everything was working just perfectly till I added a new group object using ldapadd and then deleted it using ldapdelete; since then ldapsearch takes a very long time to complete. It returns the correct results, but after a very long time. I tried ldapsearch -d8 to see what is going on and here are the errors I got:

TLS certificate verification: Error, self signed certificate
TLS certificate verification: depth: 0, err: 18, subject: [SOME INFORMATION HERE]
TLS trace: SSL_connect:SSLv3 read server certificate A
TLS trace: SSL_connect:SSLv3 read server done A
TLS trace: SSL_connect:SSLv3 write client key exchange A
TLS trace: SSL_connect:SSLv3 write change cipher spec A
TLS trace: SSL_connect:SSLv3 write finished A
TLS trace: SSL_connect:SSLv3 flush data
TLS trace: SSL_connect:SSLv3 read finished A
TLS trace: SSL3 alert write:warning:bad certificate
TLS: unable to get peer certificate.

Do you think the delay is related to the above? What is wrong with OpenLDAP? I did not touch any configuration, only ldapadd and ldapdelete! This piece of software is very unstable :( Please help.
Thank you
Amir