Hello,

I am experiencing some problems with slapd-meta with an ldaps backend. The GnuTLS (or OpenSSL) negotiation timeout seems not to be handled, and I can't find any reference on how to modify this timeout in the docs. My server becomes unresponsive (too many connection slots) when an SSL-secured backend server times out after TCP connection establishment.
To reproduce the error, I have a meta directory configured like this:

database meta
suffix "dc=localauth"
rootdn "cn=Manager,dc=localauth"
rootpw XXX

uri "ldaps://localhost:666/ou=UT,dc=localauth"
lastmod off
suffixmassage "ou=UT,dc=localauth" "ou=people,dc=example,dc=fr"
timeout 1
conn-ttl 1
network-timeout 1

And I launch a netcat to listen on port 666:

    nc -l -p 666

Then, this command never times out:

    ldapwhoami -H ldap://YYYY:9009 -D uid=me,ou=UT,dc=localauth -W

The error does not happen when no SSL is used (the "timeout 1" option works well).

OS: Debian 8 Jessie x64
slapd: 2.4.40+dfsg-1+deb8u2
gnutls: 3.3.8-6+deb8u4
Sorry for my English, and thanks for the help.

Regards,
Louis Chanouha
University of Toulouse
openldap-technical@openldap.org