[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#4144) Strange problem in client libs with SSL connect



Aaron Richton wrote:
>>Yes. But the point is "some of the time".
> 
> Is this intermittent with OpenLDAP tools? (e.g. identical ldapsearch
> command works once, doesn't work later?)

No. I can only confirm the failure of the correct connection attempt in
step 1 with RE23's ldapsearch since the OS process of ldapsearch exits
after one test. ldapsearch of 2.2.27 works ok.

web2ldap is a long-running multi-threaded process performing all three
connection attempts without restarting the OS process. As I said the
very same configuration works correctly when python-ldap is linked
against 2.2.27 libs.

I suspect something gets initialized lazily. (Well, don't know how to
express that in English.)

> What is the equivalent ldapsearch command that fails?

IIRC this simple command failed with LDAP_SERVER_DOWN:

ldapsearch -x -H ldaps://directory.example.com -b "" "(objectClass=*)"

> A sanitized -d log
> of that ldapsearch command might be good too.

Hmm, it's not my machine. Therefore this can take until next week.

Maybe I could also write a short test script with Python (but not in C
on top of OpenLDAP libs) and also test with HEAD.

Ciao, Michael.