Re: LDAP add fails with Protocol Error

[Michael Ströder <michael@stroeder.com>]

Alexander Hartner wrote:
> After generating an LDIF file using ldapsearch having a direct fast 
> connect to the LDAP directory, attempt to re-import the file have 
> succeeded while being on the local network. However attempt to import 
> the same LDIF file over a WAN connection fail with the following error:
>
> ldapadd -c -D "..." -w ... -x -h ... -p 389 -f test2.ldif
> adding new entry "..."
> ldap_add: Already exists (68)
>
> adding new entry "..."
> ldap_add: Already exists (68)
>
> adding new entry "..."
> ldap_add: Protocol error (2)
>         additional info: no attributes provided

Here there's something wrong with the LDIF input file causing a 
malformed LDAP PDU to be sent.

> adding new entry "..."
> ldap_add: Already exists (68)

Here the connection seems to be still alive.

> adding new entry "..."
>
> adding new entry "..."
> ..
> adding new entry "..."
> ldapadd: update failed: ...
> ldap_add: Can't contact LDAP server (-1)
> ..

This indicates that the LDAP server is not reachable anymore at 
the transport layer.

> It seems that the slower connection is causing a Protocol error which 
> results in LDAP falling over, or at least becoming un-available.

Note that "protocol error" has a special meaning in LDAP 
terminology indicating that something's wrong with the LDAP PDUs 
transferred. This does not cause the LDAP server to go down. And 
it didn't as the output you provided shows.

> Any ideas what could be causing this problem and what I could to address 
> this.

Since it works over LAN I guess there's simply something wrong 
with your WAN connection.

Ciao, Michael.

--
Michael Ströder
E-Mail: michael@stroeder.com
http://www.stroeder.com