Hi List,
I have a problem with the slapd-ldap backend and the timeouts.
There are many timeouts to configure, but I think they don't work in the TLS handshake phase.
    5816f773 send_ldap_result: conn=-1 op=0 p=0
    5816f773 backend_startup_one: starting "sid=3092,sec=webhosting,o=xxxxxx,c=de"
    5816f773 ldap_back_db_open: URI=ldaps://sid3092.int.webslave.xxxxxxx
    ldap_create
    ldap_url_parse_ext(ldaps://sid3092.int.webslave.xxxxxxxx)
    5816f773 =>ldap_back_getconn: conn=-1 op=0: lc=0x37c2880 inserted refcnt=1 rc=0
    ldap_sasl_bind
    ldap_send_initial_request
    ldap_new_connection 1 1 0
    ldap_int_open_connection
    ldap_connect_to_host: TCP sid3092.int.webslave.xxxxxxxxx:636
    ldap_new_socket: 256
    ldap_prepare_socket: 256
    ldap_connect_to_host: Trying 10.xx.xx.xx:636
    ldap_pvt_connect: fd: 256 tm: 5 async: 0
    ldap_ndelay_on: 256
    attempting to connect:
    connect errno: 115
    ldap_int_poll: fd: 256 tm: 5
    ldap_is_sock_ready: 256
    ldap_ndelay_off: 256
    ldap_pvt_connect: 0
    TLS trace: SSL_connect:before/connect initialization
    TLS trace: SSL_connect:SSLv2/v3 write client hello A
And then the slapd hangs and hangs.
I know that the consumer LDAP is running, but the server itself hangs with an error. In this slapd there are 250 more servers to serve via slapd-ldap, so this will cause a big problem when only one server hangs and the slapd is stuck forever. Are there any other timeouts to configure in the slapd-ldap backend?
Here's the slapd.conf:
    database ldap
    hidden on
    suffix "sid=3092,sec=webhosting,o=xxxxxxxx,c=de"
    rootdn "cn=xxxxxxxx,sid=3092,sec=webhosting,o=xxxxxxxxx,c=de"
    uri ldaps://sid3092.int.webslave.xxxxxxxxx
    network-timeout 5
    timeout bind=5
    lastmod on
    restrict all
    acl-bind bindmethod=simple binddn="cn=xxxxxx,sid=3092,sec=webhosting,o=xxxxxx,c=de" credentials="PASSWORD"
    syncrepl rid=3092 provider=ldapi://%2Fvar%2Frun%2Fldapi binddn="cn=Manager,o=xxxxxxxxxxx,c=de" bindmethod=simple credentials=PASSWORD searchbase="sid=3092,sec=webhosting,o=xxxxxxxxxx,c=de" type=refreshAndPersist retry="10 6 30 +"
    overlay syncprov
Regards, Daniel
Kind regards,
Daniel Betz
System Design Engineer / Senior System Administration
___________________________________
domainfactory GmbH
Oskar-Messter-Str. 33
85737 Ismaning
Germany
Phone: +49 (0)89 / 55266-364
Fax: +49 (0)89 / 55266-222
E-Mail: dbetz@df.eu
Internet: www.df.eu
Court of registration: Amtsgericht München, HRB number 150294, Managing directors: Tobias Mohr, Stephan Wolfram
openldap-technical@openldap.org
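The trace in the message stops right after the ClientHello is written, that is, after the TCP connect (the step logged with tm: 5) has already succeeded. As an added example, not part of the original message and not OpenLDAP code: a Python health probe that gives the TCP connect and the TLS handshake separate deadlines, so a monitoring job can flag a remote that accepts connections but never answers the handshake. `start_silent_server`, `probe_tls` and the timeout values are assumptions made for this example; the silent server is a constructed local stand-in for such a host.

```python
import socket
import ssl
import threading
import time


def start_silent_server():
    """Constructed stand-in for the hung remote: accepts TCP, never sends a byte."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    held = []  # keep accepted sockets open so the client sees no reset

    def accept_loop():
        while True:
            conn, _ = srv.accept()
            held.append(conn)

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv, srv.getsockname()[1]


def probe_tls(host, port, connect_timeout=5.0, handshake_timeout=5.0):
    """Return (status, seconds); the handshake gets its own deadline."""
    start = time.monotonic()
    try:
        sock = socket.create_connection((host, port), timeout=connect_timeout)
    except OSError:
        return "connect-failed", time.monotonic() - start
    try:
        # The socket timeout now bounds each read/write of the handshake.
        sock.settimeout(handshake_timeout)
        ctx = ssl.create_default_context()
        with ctx.wrap_socket(sock, server_hostname=host):
            status = "ok"
    except socket.timeout:
        status = "handshake-timeout"  # ClientHello sent, no reply in time
    except (ssl.SSLError, OSError):
        status = "handshake-failed"  # e.g. certificate or protocol error
    finally:
        sock.close()
    return status, time.monotonic() - start


if __name__ == "__main__":
    _srv, port = start_silent_server()
    print(probe_tls("127.0.0.1", port, connect_timeout=5.0, handshake_timeout=2.0))
```

The deadline is applied per socket operation, so a peer that trickles handshake bytes slowly can take longer than `handshake_timeout` in total.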