I've got OpenLDAP 2.0.23 deployed on a couple RedHat 7.1 boxes for VPN user authentication to a Nokia/Check Point Firewall-1 VPN device. Very little has been done to the slapd.conf file, other than restricting permissions for my help desk to modify passwords, adding a firewall-1 schema, and configuring slurpd.
We've only got about 200 users rolled out, and I've now twice seen the firewall freak out stating 'user not found' after a couple of days. The slapd processes are still running, and Check Point's LDAP admin client as well as Softerra's LDAP Administrator are able to hit the database fine. An analyzed tcpdump on the firewall and the LDAP server shows several 'malformed LDAP requests'. The firewall is authenticating with the LDAP server as the schema owner. If I 'kill -INT <slapd pid>', then restart it, the firewall seems to be happy again. I've also found that if I 'touch' the user record (modify an unrelated field), authentication works again.
At this point, I have slurpd set up and am considering pointing the firewall to the replicated database in the hopes that the firewall isn't mucking things up.
Does anyone have any suggestions? I have noticed that slapd is forking up to 15-20 processes to handle the requests from the firewall.