Hello,
How can I find this informations? I didn't find any information about binding by using the command: #/usr/sbin/slapcat -n 0 -l output.ldif
Command result: http://pastebin.com/4ihGjLXf
# cat /etc/ldap/ldap.conf URI ldaps:/// BASE dc=sms,dc=fr TLS_CACERT /etc/ssl/pki/fr.sms.ca.crt TLS_REQCERT never
cat /etc/default/slapd SLAPD_CONF= SLAPD_USER="openldap" SLAPD_GROUP="openldap" SLAPD_PIDFILE= SLAPD_SERVICES="ldaps:/// ldapi:///" SLAPD_SENTINEL_FILE=/etc/ldap/noslapd SLAPD_OPTIONS=""
Does anyone have an ideai why it works half the time?
Thanks, sms.
----- Mail original ----- De: "25Dollar Tech" 25dollartechhelp@gmail.com À: "amicale salmson" amicale.salmson@free.fr Envoyé: Lundi 15 Octobre 2012 14:11:36 Objet: Re: openldap-technical Digest, Vol 59, Issue 15
Hello you must check in your bind details from conf or ldif file
Message: 2 Date: Mon, 15 Oct 2012 12:57:56 +0200 (CEST) From: amicale.salmson@free.fr To: openldap-technical@openldap.org Subject: Open LDAP sometimes "Can't contact LDAP server" Message-ID: < 258228487.277539862.1350298676206.JavaMail.root@zimbra63-e11.priv.proxad.net >
Content-Type: text/plain; charset=utf-8
Hello all,
I developed a PHP application which use slapd. Sometimes, I have the message "Can't contact LDAP server", but sometimes it works (almost half the time)
Just before it hangs, I see the following message: -------------------------------------------------- daemon: epoll: listen=8 active_threads=0 tvp=zero daemon: epoll: listen=9 active_threads=0 tvp=zero daemon: epoll: listen=10 active_threads=0 tvp=zero connection_read(20): input error=-2 id=1530, closing. connection_closing: readying conn=1530 sd=20 for close daemon: removing 20 conn=1530 fd=20 closed (connection lost) daemon: activity on 1 descriptor daemon: activity on: --------------------------------------------------
Sometimes, I also see theses messages: -------------------------------------------------- slapd[9635]: connection_close: deferring conn=1582 sd=22 connection_input: conn=1593 deferring operation: binding --------------------------------------------------
I use : - debian 6.0.5 - slapd 2.4.23-7.2 - OpenSSL 0.9.8o 01 Jun 2010
SSL certificats generated with XCA : - openssl x509 -text -in /etc/ssl/pki/ca.crt Data: Version: 3 (0x2) Signature Algorithm: sha1WithRSAEncryption Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (4096 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: Certificate Sign, CRL Sign Netscape Cert Type: SSL CA, S/MIME CA, Object Signing CA Netscape Comment: xca certificate - openssl x509 -text -in /etc/ssl/pki/server.crt Data: Version: 3 (0x2) Signature Algorithm: sha1WithRSAEncryption Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (4096 bit) X509v3 extensions: X509v3 Basic Constraints: critical CA:FALSE X509v3 Key Usage: Digital Signature, Non Repudiation, Key Encipherment Netscape Cert Type: SSL Server Netscape Comment: xca certificate
Certificats import: ----- BEGIN /etc/ssl/pki/ldap/ldap.ldif ----- dn: cn=config replace: olcTLSCACertificateFile olcTLSCACertificateFile: /etc/ssl/pki/ca.crt - replace: olcTLSCertificateFile olcTLSCertificateFile: /etc/ssl/pki/ldap.crt - replace: olcTLSCertificateKeyFile olcTLSCertificateKeyFile: /etc/ssl/pki/server.pem ----- END /etc/ssl/pki/ldap/ldap.ldif -----
ldapmodify -Y EXTERNAL -H ldapi:/// -f /etc/ssl/pki/ldap/ldap.ldif
I don't see at all where the problem can comes from because it works half the time. Can anyone help me?
Regards, sms
------------------------------
_______________________________________________ openldap-technical mailing list openldap-technical@openldap.org http://www.openldap.org/lists/mm/listinfo/openldap-technical
End of openldap-technical Digest, Vol 59, Issue 15 **************************************************