[Date Prev][Date Next] [Chronological] [Thread] [Top]

Timeouts over LDAPS

To: openldap-technical@openldap.org
Subject: Timeouts over LDAPS
From: Martin Sandsmark <sandsmark@samfundet.no>
Date: Tue, 5 Feb 2008 20:00:45 +0100
Content-disposition: inline
User-agent: Mutt/1.5.13 (2006-08-11)

Hi!
I'm having some trouble with time-outs when using ldaps with pam.

If the slapd opens an incoming ssl connection, but do not respond correctly
(like if the Berkley database breaks down, which unfortunately seems to
happen from time to time), the ldap-pam-module will hang more or less
indefinitely. This is rather unfortunate, since it makes logging in and
repairing the database much more tedious.

If we use just plain ldap (not using openssl), the connection times out
rather quickly, and pam tries the next authentication method which works
as expected, and the problem can be fixed. But unfortunately that also opens
up some security risks, since we can't be sure we connect to the proper ldap
server.

-- 
Martin Sandsmark 
IT-Komiteen, Samfundet 
	"Capital letters were always the best way of dealing
	with things you didn't have a good answer to."
		- Douglas Adams

Follow-Ups:
- Re: Timeouts over LDAPS
  - From: Russ Allbery <rra@stanford.edu>

Prev by Date: LDAP Master/Slave replication
Next by Date: LDAP Master/Slave replication
Index(es):
- Chronological
- Thread