
(ITS#8581) slapd-meta backend SSL negotiation timeout

Full_Name: Louis Chanouha
Version: 2.4.40
OS: Debian 8
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (


I experience some problems with slapd-meta with an ldaps backend.
The GnuTLS (or OpenSSL) negotiation timeout seems not to be handled, and I can't
find any reference to modifying this timeout in the docs. My server becomes
unresponsive (too many connection slots) when an SSL-secured backend server times
out after TCP connection establishment.

To reproduce the error, I have a meta directory configured like this:

database meta
suffix          "dc=localauth"
rootdn          "%n=Manager,dc=localauth"
rootpw          XXX

uri "ldaps://localhost:666/ou=UT,dc=localauth"
lastmod off
suffixmassage   "ou=UT,dc=localauth" "ou=people,dc=example,dc=fr"
timeout 1
conn-ttl 1
network-timeout 1

And I launch netcat to listen on port 666:
nc -l -p 666

Then, this command never times out:
ldapwhoami -H ldap://YYYY:9009 -D uid=me,ou=UT,dc=localauth -W

The error does not happen when SSL is not used (the "timeout 1" option works well).

OS: Debian 8 Jessie x64
slapd: 2.4.40+dfsg-1+deb8u2
gnutls: 3.3.8-6+deb8u4

Sorry for my English, and thanks for the help,
Louis Chanouha
University of Toulouse