[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#7122) MozNSS linked libldap makes startTLS extremely slow

To: openldap-its@openldap.org
Subject: (ITS#7122) MozNSS linked libldap makes startTLS extremely slow
From: quanah@OpenLDAP.org
Date: Thu, 5 Jan 2012 17:47:23 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

Full_Name: Quanah Gibson-Mount
Version: 2.4.23 (RHEL build)
OS: RHEL6
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (75.108.184.39)


As part of http://rhn.redhat.com/errata/RHBA-2011-0673.html, RedHat updated its
OpenLDAP packages to use MozNSS instead of OpenSSL.  However, this has an
immediate negative effect on people who use StartTLS:

| Problem:
| 
| Redhat rebased their openldap server packages to use Mozilla NSS
| instead of the OpenSSL libraries
| (http://rhn.redhat.com/errata/RHBA-2011-0673.html).
| 
| Attempting to authenticate a Zimbra session against this upgraded
| external openLDAP server using starttls results in a 30s delay
| between the beginning of the request and the validation of the
| credentials. I've tested this scenario by rolling back to the
| previous version of openLDAP (2.4.19-15), which restores the
| authentication to an acceptable speed.
| 
| This bug only impacts starttls sessions, utilizing ldaps is an
| acceptable work around for the time being, although we would like to
| return to starttls in the future as ldaps is deprecated in openLDAP.
| 
| Action:
| 
| rolled openLDAP server back to a previous version and the
| authentication returns to normal.

Prev by Date: (ITS#7121) back-mdb segfaults when splitting pages
Next by Date: Re: (ITS#7120) crash when checkpointing DB
Index(es):
- Chronological
- Thread