I'm having trouble uploading ("publishing"?) large CRL files (any over about 16.6 MB).
The client (OpenLDAP's ldapmodify) ends up saying:
ldapmodify: update failed: cn=... ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
even though it has contacted the server (OpenLDAP's slapd), as evidenced by server log messages:
May 15 12:54:23 ... slapd[14659]: conn=0 fd=14 ACCEPT from IP=...:53557 (IP=0.0.0.0:389)
May 15 12:54:23 ... slapd[14659]: conn=0 op=0 BIND dn="... method=128
May 15 12:54:23 ... slapd[14659]: conn=0 op=0 BIND dn="..." mech=SIMPLE ssf=0
May 15 12:54:23 ... slapd[14659]: conn=0 op=0 RESULT tag=97 err=0 text=
May 15 12:54:23 ... slapd[14659]: conn=0 fd=14 closed (connection lost)
I wouldn't have been surprised if there were a server-side limit that I'm hitting, but I'm not seeing any evidence of an intentional server-side limit (e.g., an explicit error message).
I have found some references to slapd.conf settings sockbuf_max_incoming and sockbuf_max_incoming_auth, but:
1) they're described in terms of LDAP PDUs, but I don't know whether a CRL (an attribute value) needs to fit in a single PDU or not (does it?), and
2) the slapd.conf manual page says the default sockbuf_max_incoming_auth value is 4194303, which makes it seem less likely that it's related to the limit I'm hitting around 16.6 MB.
Are they relevant or not?
Increasing the server logging level yields:
May 15 13:07:13 ... slapd[14691]: cber_get_next on fd 14 failed errno=34 (Numerical result out of range)
May 15 13:07:13 ... slapd[14691]: connection_read(14): input error=-2 id=0, closing.
May 15 13:07:13 ... slapd[14691]: connection_closing: readying conn=0 sd=14 for close
May 15 13:07:13 ... slapd[14691]: connection_close: conn=0 sd=14
May 15 13:07:13 ... slapd[14691]: daemon: removing 14
May 15 13:07:13 ... slapd[14691]: conn=0 fd=14 closed (connection lost)
Does this seem to be a simple configuration problem or a bug?
(This is with Debian Lenny versions:
# slapd -V
@(#) $OpenLDAP: slapd 2.4.11 (Oct 12 2008 04:13:21) $
buildd@ninsei:/build/buildd/openldap-2.4.11/debian/build/servers/slapd
# ldapmodify -V
ldapmodify: @(#) $OpenLDAP: ldapmodify 2.4.11 (Oct 12 2008 04:12:41) $
buildd@ninsei:/build/buildd/openldap-2.4.11/debian/build/clients/tools
(LDAP library: OpenLDAP 20411)
)
Thanks, Daniel
openldap-software@openldap.org
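
Added example, not part of the original post and not OpenLDAP code: a Python sketch that BER-encodes an LDAP ModifyRequest (RFC 4511) carrying one attribute value and compares the length announced in the outer header with a maximum incoming PDU size, showing that the whole value travels inside a single PDU. The DN, the CRL sizes and the receiver-side check are constructed assumptions; 4194303 is the documented default quoted in the post.

```python
"""Added example: size of an LDAP ModifyRequest PDU (RFC 4511) carrying one large value."""

def ber_length(n: int) -> bytes:
    """BER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + ber_length(len(content)) + content

def modify_request(msg_id: int, dn: str, attr: str, value: bytes) -> bytes:
    """LDAPMessage { messageID, ModifyRequest { dn, [ replace attr: value ] } }."""
    assert 0 < msg_id < 128            # keep the INTEGER to one byte for brevity
    vals = tlv(0x31, tlv(0x04, value))                      # SET OF OCTET STRING
    attribute = tlv(0x30, tlv(0x04, attr.encode()) + vals)  # PartialAttribute
    change = tlv(0x30, tlv(0x0A, b"\x02") + attribute)      # operation 2 = replace
    op = tlv(0x66, tlv(0x04, dn.encode()) + tlv(0x30, change))  # [APPLICATION 6]
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + op)

def declared_length(pdu: bytes) -> int:
    """Content length announced by the outer header, readable before the body arrives."""
    first = pdu[1]
    if first < 0x80:
        return first
    return int.from_bytes(pdu[2:2 + (first & 0x7F)], "big")

def accepts(pdu: bytes, max_incoming: int) -> bool:
    """Hypothetical receiver check: refuse a PDU whose declared length exceeds the cap."""
    return declared_length(pdu) <= max_incoming

if __name__ == "__main__":
    DN = "cn=Example CA,dc=example,dc=com"      # constructed sample entry
    ATTR = "certificateRevocationList;binary"
    LIMIT = 4194303                             # default quoted from slapd.conf(5) in the post
    for size in (1 << 20, LIMIT, 17 * 10**6):   # constructed CRL sizes in bytes
        pdu = modify_request(2, DN, ATTR, bytes(size))
        print(f"value={size:>9} pdu={len(pdu):>9} "
              f"overhead={len(pdu) - size} accepted={accepts(pdu, LIMIT)}")
```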