Fabian Steiner wrote:
Howard Chu wrote:
Fabian Steiner wrote:
Of course, I don't want to hijack the OP's thread but as our problems seem to be rather similar I can also provide the corresponding slapd log:
This looks like a simple configuration error; you have slapd configured to require client certificates and the client didn't send one. Either you need to configure the client with a certificate, or you need to relax the requirement on the server. [...]
In fact, this was also our first assumption after having analyzed the output for the very first time but due to our configuration this should't happen:
[...] TLSCertificateFile /etc/ssl-certs/ldap.crt TLSCertificateKeyFile /etc/ssl-certs/ldap.key TLSCACertificateFile /etc/ssl-certs/ca.crt TLSVerifyClient never [...]
Moreover, this wouldn't explain why it /does/ work for some time (as far as our case is concerned it works as long as slapd isn't restarted). Once the problem has occured the server has to be rebooted in order to ensure a working setup again :-(
The fact that a reboot is required indicates that any problem is not in any user-level code. Maybe your /dev/random has run out of entropy, or some other underlying system resource is gone. Maybe strace would help here.