
Open LDAP sometimes "Can't contact LDAP server"



Hello all,

I developed a PHP application which uses slapd.
Sometimes, I have the message "Can't contact LDAP server", but sometimes it works (almost half the time).

Just before it hangs, I see the following message:
--------------------------------------------------
daemon: epoll: listen=8 active_threads=0 tvp=zero
daemon: epoll: listen=9 active_threads=0 tvp=zero
daemon: epoll: listen=10 active_threads=0 tvp=zero
connection_read(20): input error=-2 id=1530, closing.
connection_closing: readying conn=1530 sd=20 for close
daemon: removing 20
conn=1530 fd=20 closed (connection lost)
daemon: activity on 1 descriptor
daemon: activity on:
--------------------------------------------------

Sometimes, I also see these messages:
--------------------------------------------------
slapd[9635]: connection_close: deferring conn=1582 sd=22
connection_input: conn=1593 deferring operation: binding
--------------------------------------------------


I use:
- debian 6.0.5
- slapd 2.4.23-7.2
- OpenSSL 0.9.8o 01 Jun 2010

SSL certificates generated with XCA:
- openssl x509 -text -in /etc/ssl/pki/ca.crt
    Data:
        Version: 3 (0x2)
        Signature Algorithm: sha1WithRSAEncryption
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (4096 bit)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: 
                Certificate Sign, CRL Sign
            Netscape Cert Type: 
                SSL CA, S/MIME CA, Object Signing CA
            Netscape Comment: 
                xca certificate
- openssl x509 -text -in /etc/ssl/pki/server.crt
    Data:
        Version: 3 (0x2)
        Signature Algorithm: sha1WithRSAEncryption
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (4096 bit)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Key Usage: 
                Digital Signature, Non Repudiation, Key Encipherment
            Netscape Cert Type: 
                SSL Server
            Netscape Comment: 
                xca certificate

Certificate import:
----- BEGIN /etc/ssl/pki/ldap/ldap.ldif -----
dn: cn=config
replace: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/ssl/pki/ca.crt
-
replace: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ssl/pki/ldap.crt
-
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ssl/pki/server.pem
----- END /etc/ssl/pki/ldap/ldap.ldif -----

ldapmodify -Y EXTERNAL -H ldapi:/// -f /etc/ssl/pki/ldap/ldap.ldif

I don't see at all where the problem can come from because it works half the time.
Can anyone help me?

Regards,
sms
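
Added example, not part of the original post: a small parser for the LDIF change record quoted in the message that lists the olcTLS* file paths slapd is told to load and notes any certificate path that is not among the files the message shows being inspected with `openssl x509 -text`. The function names `tls_paths` and `review` are hypothetical, and the embedded LDIF and path set are copied from the message.

```python
# Added example (not from the original post): list the olcTLS* paths set by
# an LDIF change record and compare them with the certificates inspected.

# Change record as quoted in the message, embedded as sample input.
LDIF = """\
dn: cn=config
replace: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/ssl/pki/ca.crt
-
replace: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ssl/pki/ldap.crt
-
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ssl/pki/server.pem
"""

# Files the message shows being dumped with `openssl x509 -text`.
INSPECTED = {"/etc/ssl/pki/ca.crt", "/etc/ssl/pki/server.crt"}


def tls_paths(ldif):
    """Return {attribute: path} for each olcTLS* value set by a replace/add."""
    paths, current = {}, None
    for raw in ldif.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line == "-":            # a lone "-" ends one modification
            current = None
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key.lower() in ("replace", "add"):
            current = value        # attribute this modification targets
        elif current and key.lower() == current.lower() \
                and key.lower().startswith("olctls"):
            paths[key] = value
    return paths


def review(ldif, inspected):
    """Return (attribute, path, note) rows; the key file is not a certificate."""
    rows = []
    for attr, path in tls_paths(ldif).items():
        is_key = attr.lower() == "olctlscertificatekeyfile"
        note = "ok" if is_key or path in inspected else "not among inspected certificates"
        rows.append((attr, path, note))
    return rows
```
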