Hi List,

I have a problem with the slapd-ldap backend and the timeouts.

There are many timeouts to configure, but I think they don't work in the TLS handshake phase.

5816f773 send_ldap_result: conn=-1 op=0 p=0
5816f773 backend_startup_one: starting "sid=3092,sec=webhosting,o=xxxxxx,c=de"
5816f773 ldap_back_db_open: URI=ldaps://sid3092.int.webslave.xxxxxxx
ldap_create
ldap_url_parse_ext(ldaps://sid3092.int.webslave.xxxxxxxx)
5816f773 =>ldap_back_getconn: conn=-1 op=0: lc=0x37c2880 inserted refcnt=1 rc=0
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP sid3092.int.webslave.xxxxxxxxx:636
ldap_new_socket: 256
ldap_prepare_socket: 256
ldap_connect_to_host: Trying 10.xx.xx.xx:636
ldap_pvt_connect: fd: 256 tm: 5 async: 0
ldap_ndelay_on: 256
attempting to connect:
connect errno: 115
ldap_int_poll: fd: 256 tm: 5
ldap_is_sock_ready: 256
ldap_ndelay_off: 256
ldap_pvt_connect: 0
TLS trace: SSL_connect:before/connect initialization
TLS trace: SSL_connect:SSLv2/v3 write client hello A

And then the slapd hangs and hangs.

I know that the consumer LDAP is running, but the server itself hangs with an error. In this slapd there are 250 more servers to serve via slapd-ldap, so this will cause a big problem when only one server hangs and the slapd is stuck forever.

Are there any other timeouts to configure in the slapd-ldap backend?

Here's the slapd.conf:

database ldap
                hidden on
                suffix "sid=3092,sec=webhosting,o=xxxxxxxx,c=de"
                rootdn "cn=xxxxxxxx,sid=3092,sec=webhosting,o=xxxxxxxxx,c=de"
                uri ldaps://sid3092.int.webslave.xxxxxxxxx
                network-timeout 5
                timeout bind=5
                lastmod on
                restrict all

acl-bind        bindmethod=simple
                binddn="cn=xxxxxx,sid=3092,sec=webhosting,o=xxxxxx,c=de"
                credentials="PASSWORD"

syncrepl        rid=3092
                provider=ldapi://%2Fvar%2Frun%2Fldapi
                binddn="cn=Manager,o=xxxxxxxxxxx,c=de"
                bindmethod=simple
                credentials=PASSWORD
                searchbase="sid=3092,sec=webhosting,o=xxxxxxxxxx,c=de"
                type=refreshAndPersist
                retry="10 6 30 +"

overlay syncprov

Regards,
Daniel

Kind regards,

Daniel Betz
System Design Engineer / Senior Systemadministration
___________________________________

domainfactory GmbH
Oskar-Messter-Str. 33
85737 Ismaning
Germany

Phone:    +49 (0)89 / 55266-364
Fax:      +49 (0)89 / 55266-222

E-Mail:   dbetz@df.eu
Internet: www.df.eu

Register court: Amtsgericht München
HRB number 150294, Managing directors:
Tobias Mohr, Stephan Wolfram
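
Added example, not part of the original message and not OpenLDAP code: an out-of-band Python probe that gives the TCP connect and the TLS handshake separate deadlines, so a backend that accepts the connection on port 636 but never answers the client hello (the state the trace above ends in) is reported as `tls_stalled` instead of blocking. The function names, return labels and the local stalled listener are constructed for illustration.

```python
import socket
import ssl
import threading


def probe_ldaps(host, port, connect_timeout=5.0, handshake_timeout=5.0, context=None):
    """Classify an LDAPS endpoint by the phase in which it fails.

    Returns "tcp_failed", "tls_stalled", "tls_failed" or "ok".
    """
    try:
        sock = socket.create_connection((host, port), timeout=connect_timeout)
    except OSError:
        return "tcp_failed"
    try:
        # The handshake gets its own deadline; the connect timeout above
        # ended when the TCP connection was established.
        sock.settimeout(handshake_timeout)
        ctx = context or ssl.create_default_context()
        with ctx.wrap_socket(sock, server_hostname=host):
            return "ok"
    except socket.timeout:
        # TCP is up, but the peer did not answer the ClientHello in time.
        return "tls_stalled"
    except (ssl.SSLError, OSError):
        return "tls_failed"
    finally:
        sock.close()


def start_stalled_listener():
    """Constructed fixture: accepts TCP on localhost and then stays silent."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    held = []  # keep the accepted connection open so the client sees no reset
    threading.Thread(target=lambda: held.append(srv.accept()), daemon=True).start()
    return srv, held


if __name__ == "__main__":
    srv, _held = start_stalled_listener()
    port = srv.getsockname()[1]
    print(port, probe_ldaps("127.0.0.1", port, handshake_timeout=1.0))
    srv.close()
```

Run against each configured `uri` host from a scheduler, the result separates backends that are down at the TCP level from those that stall in the handshake.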