
I can reproduce the situation when my openldap-1.2.9 goes catatonic



I have certain systems that cause the server to go catatonic if they send a 
request.  

First I need to say something about network topology.

We are using FreeS/WAN to do IPsec VPN.  I have a master LDAP server which I'm 
replicating across the VPN.  

Queries to the master LDAP server work fine except if they come from a remote 
firewall box.  Here's a picture:

+------------+
| ldapmaster |
+------------+
      |
   ethernet
      |
+------------+
| Firewall A |
+------------+
      |
  VPN across
 the internet
      |
+------------+
| Firewall B |
+------------+
      |
   ethernet
      |
+------------+
| Other Host |
+------------+

LDAP works great from any system *except* "Firewall B".  This includes "Other 
Host" and "Firewall A".  If I do an ldapsearch from "Firewall B" while running 

	slapd -d 65535

I get:

	select activity on 1 descriptors
	new connection on 7

and it hangs.

What's probably happening is that Firewall B is using its external network 
address to talk to ldapmaster and some kind of funny masquerading is going on.  
I'm going to have to debug that separately, but it sure would be nice if slapd 
were to be a little more resistant to this particular lossage.

I'm thinking it might be better if I could run slapd under inetd or tcpserver. 
Is the almost but not quite documented -i flag what I think it is?

Chris


-- 
Chris Garrigues                 virCIO
http://www.DeepEddy.Com/~cwg/	http://www.virCIO.Com
+1 512 432 4046                 +1 512 374 0500
				4314 Avenue C
O-				Austin, TX  78751-3709
                                

  My email address is an experiment in SPAM elimination.  For an
  explanation of what we're doing, see http://www.DeepEddy.Com/tms.html 

    Nobody ever got fired for buying Microsoft,
      but they could get fired for relying on Microsoft.

