I'm having trouble uploading ("publishing"?) large CRL files (any over
about 16.6 MB).

The client (OpenLDAP's ldapmodify) ends up saying:

   ldapmodify: update failed: cn=...
   ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

even though it has contacted the server (OpenLDAP's slapd), as evidenced
by server log messages:

   May 15 12:54:23 ... slapd[14659]: conn=0 fd=14 ACCEPT from IP=...:53557 (IP=0.0.0.0:389)
   May 15 12:54:23 ... slapd[14659]: conn=0 op=0 BIND dn="... method=128
   May 15 12:54:23 ... slapd[14659]: conn=0 op=0 BIND dn="..." mech=SIMPLE ssf=0
   May 15 12:54:23 ... slapd[14659]: conn=0 op=0 RESULT tag=97 err=0 text=
   May 15 12:54:23 ... slapd[14659]: conn=0 fd=14 closed (connection lost)

I wouldn't have been surprised if there were a server-side limit that I'm
hitting, but I'm not seeing any evidence of an intentional server-side limit
(e.g., an explicit error message).

I have found some references to slapd.conf settings sockbuf_max_incoming
and sockbuf_max_incoming_auth, but:

1) they're described in terms of LDAP PDUs, but I don't know whether a CRL (an
    attribute value) needs to fit in a single PDU or not (does it?), and

2) the slapd.conf manual page says the default sockbuf_max_incoming_auth
    value is 4194303, which makes it seem less likely that it's related to the
    limit I'm hitting around 16.6 MB.

Are they relevant or not?

Increasing the server logging level yields:

   May 15 13:07:13 ... slapd[14691]: cber_get_next on fd 14 failed errno=34 (Numerical result out of range)
   May 15 13:07:13 ... slapd[14691]: connection_read(14): input error=-2 id=0, closing.
   May 15 13:07:13 ... slapd[14691]: connection_closing: readying conn=0 sd=14 for close
   May 15 13:07:13 ... slapd[14691]: connection_close: conn=0 sd=14
   May 15 13:07:13 ... slapd[14691]: daemon: removing 14
   May 15 13:07:13 ... slapd[14691]: conn=0 fd=14 closed (connection lost)


Does this seem to be a simple configuration problem or a bug?


(This is with Debian Lenny versions:

# slapd -V
@(#) $OpenLDAP: slapd 2.4.11 (Oct 12 2008 04:13:21) $
         buildd@ninsei:/build/buildd/openldap-2.4.11/debian/build/servers/slapd

# ldapmodify -V
ldapmodify: @(#) $OpenLDAP: ldapmodify 2.4.11 (Oct 12 2008 04:12:41) $
         buildd@ninsei:/build/buildd/openldap-2.4.11/debian/build/clients/tools
         (LDAP library: OpenLDAP 20411)
)


Thanks,
Daniel
--
(Plain text sometimes corrupted to HTML "courtesy" of Microsoft Exchange.) [F]