[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldapsearch is too slow after I deleted an entry

--On Thursday, February 07, 2008 10:09 AM +0200 Amir Saad <eng__amir@hotmail.com> wrote:

I setup OpenLDAP & MIT Kerberos successfully. I created a self-signed
certificate for OpenLDAP and I configured the server to work only on
ldaps. I migrated all existing users and groups to OpenLDAP. Everything
was working just perfect till I added a new group object using ldapadd
and then deleted it using ldapdelete, since then ldapsearch takes very
long time to complete. It returns the correct results but after very long
time. I tried ldapsearch -d8 to see what is going on and here are the
errors I got:
TLS certificate verification: Error, self signed certificate
TLS certificate verification: depth: 0, err: 18, subject: [SOME
TLS trace: SSL_connect:SSLv3 read server certificate A
TLS trace: SSL_connect:SSLv3 read server done A
TLS trace: SSL_connect:SSLv3 write client key exchange A
TLS trace: SSL_connect:SSLv3 write change cipher spec A
TLS trace: SSL_connect:SSLv3 write finished A
TLS trace: SSL_connect:SSLv3 flush data
TL! S trace: SSL_connect:SSLv3 read finished A
TLS trace: SSL3 alert write:warning:bad certificate
TLS: unable to get peer certificate.

Do you think the delay is related to the above? What is wrong with
OpenLDAP? I did not touch any configuration, only ldapadd and ldapdelete!
This piece of software is very unstable :( Please help.

What version of OpenLDAP? What database backend? Have you actually tuned it correclty? Added indices for the searches you use? etc. I've found OpenLDAP to be both (a) extremely fast and (b) extremely stable.

And yes, you need to fix your cert configuration. It looks like you created an invalid cert.



Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
Zimbra ::  the leader in open source messaging and collaboration