Matthias Leopold <matthias.leopold(a)meduniwien.ac.at> writes:
i'm operating an owncloud server that connects to an IBM Tivoli
Directory Server as LDAP backend. the ldap admin tells me he is seeing
"null binds" from my owncloud server in his logs:
2016-05-24T14:32:56.349452+2:00 srvr_ssl_read: EIO in handshake.
EWOULDBLOCK timeout. Read: -2 of 0
2016-05-24T14:32:56.350445+2:00 GLPSSL019E The SSL layer has reported an
unidentified internal error, SSL extended error code:406.
2016-05-24T14:32:56.351813+2:00 GLPSRV022E Failed to initialize secure
connection from client (connection ID: 61786, IP address: x.x.x.x, Port:
2016-05-24T14:32:56.357220+2:00 GLPSRV044W Client connection from
x.x.x.x bound as NULL closed by server.
i investigated on my server and noticed that it has problems connecting
to the ldaps://ldap.example.com uri (which is the ITDS server) under
high client system load, whereas connection to ldap://ldap.example.com
$ ldapsearch -v -x -z 0 -H ldaps://ldap.example.com
"ou=groups,dc=example,dc=com" -v "objectClass=posixGroup"
ldap_initialize( ldaps://ldap.example.com:636/??base )
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
my server (RHEL 7 on a ppc64 LPAR) is using the openldap
clients/libraries. the high load that is causing the problems is on _my_
server. is there any specific tuning (besides increasing RAM/CPU) i can
do to optimize ldaps client queries? i'm thinking of tuning the tcp
stack or something similar, but i'm not an expert on this. where can i
look for debug info? i have strace and tcpdump output

As Quanah already stated, RHEL7 builds use MozNSS and thus this problem
might be specific to these. If it is possible, please try this
scenario with some OpenSSL-built OpenLDAP binaries (e.g. ones from
). If these work correctly, feel free to file a bug
to our bugzilla.redhat.com including all possible information. Anyway,
do not hesitate to contact our access.redhat.com
Associate Software Engineer @ Red Hat, Inc.
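
In the server log quoted in this thread, the GLPSRV044W "bound as NULL closed by server" record comes a few milliseconds after a GLPSRV022E failed secure connection from the same client. The following is an added example, not code from the thread or from either project: it separates NULL closes that follow a failed TLS handshake from those that do not. The one-record-per-line layout, the 2-second window, the verdict labels and the sample addresses and port are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the shape of the ITDS records quoted above, one record
# per line; the addresses (documentation range) and the port are made up.
SAMPLE_LOG = """\
2016-05-24T14:32:56.349452+2:00 srvr_ssl_read: EIO in handshake. EWOULDBLOCK timeout. Read: -2 of 0
2016-05-24T14:32:56.351813+2:00 GLPSRV022E Failed to initialize secure connection from client (connection ID: 61786, IP address: 192.0.2.10, Port: 40112).
2016-05-24T14:32:56.357220+2:00 GLPSRV044W Client connection from 192.0.2.10 bound as NULL closed by server.
2016-05-24T14:40:02.000100+2:00 GLPSRV044W Client connection from 192.0.2.77 bound as NULL closed by server.
2016-05-24T14:41:00.000000+2:00 GLPSRV044W Client connection from 192.0.2.10 bound as NULL closed by server.
"""

# Timestamp (UTC offset skipped: one server, one offset), message ID, text.
RECORD = re.compile(r"^(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d\.\d+)\S*\s+(GLP[A-Z]{3}\d{3}[A-Z])\s+(.*)$")
TLS_FAIL_IP = re.compile(r"IP address:\s*([^,\s)]+)")
NULL_CLOSE_IP = re.compile(r"Client connection from\s+(\S+)\s+bound as NULL")


def classify_null_closes(log_text, window=timedelta(seconds=2)):
    """Return (timestamp, ip, verdict) for every GLPSRV044W record."""
    last_tls_failure = {}  # client IP -> time of its latest GLPSRV022E
    results = []
    for line in log_text.splitlines():
        m = RECORD.match(line)
        if not m:
            continue  # no GLP message ID, e.g. the srvr_ssl_read line
        stamp, code, msg = m.groups()
        when = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%S.%f")
        if code == "GLPSRV022E":
            ip = TLS_FAIL_IP.search(msg)
            if ip:
                last_tls_failure[ip.group(1)] = when
        elif code == "GLPSRV044W":
            ip = NULL_CLOSE_IP.search(msg)
            if not ip:
                continue
            failed = last_tls_failure.get(ip.group(1))
            # Assumption: a NULL close within `window` of a failed handshake
            # from the same address belongs to that failed connection.
            near = failed is not None and timedelta(0) <= when - failed <= window
            results.append((stamp, ip.group(1),
                            "after-tls-failure" if near else "no-tls-failure-seen"))
    return results


if __name__ == "__main__":
    for row in classify_null_closes(SAMPLE_LOG):
        print(*row)
```

Records tagged no-tls-failure-seen are the ones worth checking for clients that really connect without credentials.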