[Date Prev][Date Next] [Chronological] [Thread] [Top]

overlay chain and TLS/SSL



Hi all,

I think I have  a problem with the overlay chain and tls.  We have one physical
master and two slaves in VMware Vsphere4. Our configuration runs normally fine,
but sometimes  we can't modify  entries like passwords  to the master.  Then we
must restart  the slapd at the  slaves. After restarting slapd  all works fine.
Then slapd works fine the wholy day.  We can change entries or set passwords on
the slaves.  Next morning  we must  restart the slapd  again, because  we can't
modify entries from the  slaves. But we can query the  slapd and syncrepl works
fine. Only things over the overlay chains  doesn't work. I have the problem not
only  with Version  2.4.20. I  tested more  Versions and  actually 2.4.21  from
pysically hardware.

If I can't set entries on the slave  I don't see any tcp packets from the slave
to the master. DNS,  time and so on looks fine and  everything else is working.
And if we restart slapd everything is  working. Does anybody know what is going
wrong and if  there exits a workaround. I read  some things abount /dev/random,
/dev/urandom and kernel 2.6 in VMware. Can this be the problem?

Here the overlay chain configuration.

<snip slapd.conf>
overlay                chain
chain-uri              "ldap://eisenherz.camelot.de/";
chain-idassert-bind    bindmethod=simple
                       binddn="cn=ldapadmin,dc=camelot,dc=de"
                       credentials="xxxxxx"
                       mode="self"
chain-rebind-as-user   TRUE
chain-return-error     TRUE
chain-tls              start
</snip slapd.conf>

Any help is appreciated.

Regards
Ralf Zimmermann

--

 .''`.  Ralf Zimmermann
: :' :  SIEGNETZ.IT GmbH       	     
`. `'   Schneppenkauten 1a      
  `-    57076 Siegen   		
                               
	Tel.: +49 271 68193 13
	Fax.: +49 271 68193 29

	Amtsgericht Siegen HRB4838
	Geschaeftsfuehrer: Oliver Seitz
	Sitz der Gesellschaft ist Siegen
        

Attachment: signature.asc
Description: Digital signature