[Date Prev][Date Next] [Chronological] [Thread] [Top]

ldapsearch with delay (on the same machine over TLS/SSL only)



Hello

I've found one problem

I have latest openldap release 2.4.3 (but it is similar on former
versions too). 

There is small delay (1-2s) on beginning when I query ldap server from
the same machine over TLS or SSL. Without SSL is no delay.

Is it bug or is it normal? How can I debug it more?

QUERY with delay:
from ldap1 to ldap1 (the same machine)
[root@ldap1 ~]# ldapsearch24 -Z -h ldap1.ldapnet.tmapy.cz -x -s sub -D
"cn=Manager,dc=tmapy,dc=cz" -b 'dc=tmapy,dc=cz' -w p*****d


QUERY without delay: 
from ldap1 to ldap1 (the same machine without TLS)
[root@ldap1 ~]# ldapsearch24    -h ldap1.ldapnet.tmapy.cz -x -s sub -D
"cn=Manager,dc=tmapy,dc=cz" -b 'dc=tmapy,dc=cz' -w p*****d
from ldap1 to ldap2
[root@ldap1 ~]# ldapsearch24 -Z -h ldap2.ldapnet.tmapy.cz -x -s sub -D
"cn=Manager,dc=tmapy,dc=cz" -b 'dc=tmapy,dc=cz' -w p*****d
from ldap2 to ldap1
[root@ldap2 ~]# ldapsearch24 -Z -h ldap1.ldapnet.tmapy.cz -x -s sub -D
"cn=Manager,dc=tmapy,dc=cz" -b 'dc=tmapy,dc=cz' -w p*****d


I think my DNS/hosts settings are correct

My testing environment:

servers:
ldap1.ldapnet.tmapy.cz
ldap2.ldapnet.tmapy.cz
ldap3.ldapnet.tmapy.cz

from ldap1 config: slapd.conf
TLSCACertificateFile /etc/pki/tls/cacert.pem
TLSCertificateFile /etc/pki/tls/certs/ldap1.ldapnet.tmapy.cz-cert.pem
TLSCertificateKeyFile /etc/pki/tls/private/ldap1.ldapnet.tmapy.cz-key.pem

[root@ldap1 ~]# hostname 
ldap1.ldapnet.tmapy.cz

[root@ldap1 ~]# grep ldap1 /etc/hosts
192.168.241.10 ldap1.ldapnet.tmapy.cz

[root@ldap1 ~]# ifconfig eth0
eth0  inet adr:192.168.241.10  Všesměr:192.168.241.255
Maska:255.255.255.0

[root@ldap1 ~]# grep
ldap1 /etc/pki/tls/certs/ldap1.ldapnet.tmapy.cz-cert.pem 
        Subject: C=CS, ST=Kraj kralovehradecky, O=T-MAPY spol. s
r.o.,OU=ldapnet, CN=ldap1.ldapnet.tmapy.cz


Pavel Lisy
-- 
Pavel Lisy <pali@tmapy.cz>