* Amy Tanner (atanner@ahpcrc.org) wrote: > We recently noticed on 2 of our slapd servers the file > /var/run/slapd/params_cache_rsa file was disappearing. I see a cron job > that runs daily removing both that file and params_cache_dh. > params_cache_dh seems to get recreated but params_cache_rsa does not. > With this file missing, ldaps connection attempts fail and cause slapd > to hang. > > What should be recreating the params_cache_rsa file and when? slapd should be creating them when a connection that needs them comes in... > What are these files used for? The parameters are time consuming to generate so we attempt to cache them. exim and other software does basically the same thing. > Note: we are running openldap 2.1.30-2 with libgnutls11 1.0.16-8 (both out > of backports) on debian stable. The GNUTLS support was added by Debian to get around licenseing problems w/ GPL applications which use LDAP. Unfortunately, it hasn't been incorporated upstream yet (if it ever will..), so a better thing to do would be to open a bug in Debian's BTS on this. The latest reworking of the GNUTLS patch was done by one of the Debian maintainers (Roland), if you file a bug in Debian's BTS he'll see it there. Stephen
Attachment:
signature.asc
Description: Digital signature