[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: slapd-ldap killed by a broken client (ITS#4117)



On Mer 16 novembre 2005 15:29, Pierangelo Masarati wrote:
> On Wed, 2005-11-16 at 15:10 +0100, Raphaël Ouazana-Sustowski wrote:
>
>> It seems to work with 2.3.11, but I can't exactly reproduce my
>> configuration:
>> - if I launch slapd with -h "ldap://*:389 ldaps://*:636" I can't open
>> any
>> connection. My ldapsearch client is hanged in ldap_int_select. Note that
>> I
>> haven't any TLS directive in my slapd.conf (ok, it is strange, but it
>> used
>> to work in 2.2.28) [*]
>> - if I launch slapd with -h "ldap://*:389 ldap://*:636"; (stupid, just
>> for
>> testing purpose), all works fine.
>
> This has nothing to do with the original issue, you should discuss it on
> the openldap-software mailing list and, in case evidence of a new bug
> emerges, file another ITS.

Yes, of course. It is just that I'm not sure that my problem is really
solved.

> In any case, I suggest you use "ldap:// ldaps://" to indicate ANY
> interface and the default ports;

It doesn't work.

> moreover, I don't think you should use
> "ldaps://" if you didn't properly configure TLS related stuff in
> slapd.conf.

It seems judicious. I was only waiting my certificates to configure
properly TLS.

> The fact that slapd does not work if you do may be odd, but
> not unexpected.  And the fact that although being incorrect it used to
> work with previous versions has never been a good argument.

I think the fact the slapd does not work at all is unexpected. It should
at least exit with an error message, but not open the ports and drop every
requests. But it has nothing to do with this ITS. I you want I can fill an
ITS about that.

Raphael Ouazana.