[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#4429) (back-ldap?) slapd deadlock

On Tue, 2006-03-28 at 19:35 +0000, ando@sys-net.it wrote:
> On Tue, 2006-03-28 at 19:23 +0000, richton@nbcs.rutgers.edu wrote:
> > And there's your reason why the connection is failing. Now, what's making
> > it fail StartTLS when it started TLS so nicely so many other times?
> > 
> > Hmm. Well, I _am_ running OpenSSL 0.9.7g, and I know what we like to say
> > about old versions. But I just restarted with OpenSSL 0.9.7i before
> > sending this (shared objects are your friend) so we'll see how that goes.
> This makes perfectly sense.  I don't have the answer right now, but
> there might be something broken in StartTLS while retrying; I don't
> recall testing that case.

I've checked this stuff right now and it seems to work fine; I'm not
sure I tested all combinations of parameters, though.

What is the TLS-related configuration of back-ldap, and what is the
exact sequence of operations you make?

I've checked

uri             ldap://:9011
tls             propagate
conn-ttl        10

using ldapsearch with and without -ZZ, and

uri             ldap://:9011
tls             propagate
conn-ttl        10

again using ldapsearch with and without -ZZ.  In both cases, I first run
an operation; then I re-run it after the conn-ttl has expired.


Ing. Pierangelo Masarati
Responsabile Open Solution
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
Office:   +39.02.23998309          
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it