
error=Resource temporarily unavailable...



Hi All,

I am running OpenLDAP 2.0.15 on a RedHat 7.1 machine with manually-installed kernel 2.4.9. I compiled OpenLDAP, NSS_LDAP 172, and PAM_LDAP 131 from scratch and linked the latter two packages with the Netscape LDAPSDK 4.11. What I was trying to do is:

(i)  integrate user account info. in LDAP instead of plain files,
(ii) centralized authentication over a secured channel like SSL/TLS.

However, I got the Linux/LDAP integration alright, though I do not understand one point:

I initially got the login alright, but the user groups were not recognized by the system. I followed the LDAP-Implementation-HOWTO, and after fiddling for a long time, the user groups were still not recognizable (like doing ls, only the group number is displayed, not the group name defined in LDAP). Then, I commented out a line that reads,

nss_base_groups ou=Groups,dc=my,dc=domain?one?

in /etc/ldap.conf, and the problem was gone. I am sure I have defined the group under ou=Groups,dc=my,dc=domain, of objectclass posixGroup, and it was world readable and writable. But this is really strange. Anyway, this may not be an issue of OpenLDAP.

There is yet another outstanding problem, which is that I have configured OpenLDAP to use SSL/TLS. In my /usr/local/etc/openldap/slapd.conf, I added,

TLSCipherSuite          HIGH:MEDIUM:+SSLv3
TLSCACertificateFile    /usr/local/ssl/certs/cacert.pem
TLSCertificateFile      /usr/local/ssl/certs/server.pem
TLSCertificateKeyFile   /usr/local/ssl/private/server.pem

at the end of the file. Then I tried accessing port 636 through Netscape's address book, and on the first query, it worked, but later queries all left the address book running without any response. The bar kept on saying "Contacting [myldap] host...". I explicitly imported my CA cert through Apache. I did not know what happened, so I tried adding a line,

TLSVerifyClient 0

in /usr/local/etc/openldap/slapd.conf, and I tried again, with the same result. I then turned on the debug mode, and I saw lines that say "tls_read: want=5 error=Resource temporarily unavailable.". Does anyone know what's wrong? I did not configure /etc/ldap.conf to use SSL, though, as the file seems to have some additional tags that I don't see in the LDAP-Implementation-Howto.

-Daniel.
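As an added example (not part of Daniel's post, and not an OpenLDAP tool), here is a small linter for the TLS tail of a slapd.conf like the one quoted above. Before chasing a hang on port 636, it is worth confirming the basics a server-side handshake depends on: that the three certificate/key files actually exist, that the private key is not group- or world-readable, which cipher-string tokens admit legacy ciphers (MEDIUM covers 128-bit legacy suites such as RC4), and that TLSVerifyClient only governs client certificates, so setting it to 0 cannot affect a problem in the server's own certificate or key. The paths, the placeholder PEM contents and the finding strings are constructed for this example; it writes throwaway files in a temporary directory rather than touching /usr/local/ssl.

```python
import os
import stat
import tempfile
from pathlib import Path

# OpenSSL cipher-string tokens that admit obsolete or weak suites when enabled.
WEAK_CIPHER_TOKENS = {
    "NULL", "eNULL", "aNULL", "EXPORT", "EXP", "LOW", "MEDIUM",
    "RC4", "DES", "SSLv2", "SSLv3",
}


def parse_slapd_conf(text):
    """Parse 'directive value' lines of a slapd.conf fragment.

    Directive names are case-insensitive, so keys are lower-cased.
    Lines beginning with whitespace continue the previous directive,
    as in slapd.conf itself; blank lines and '#' comments are skipped.
    """
    directives = {}
    last = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and last is not None:
            directives[last] += " " + raw.strip()
            continue
        parts = raw.split(None, 1)
        last = parts[0].lower()
        directives[last] = parts[1].strip() if len(parts) > 1 else ""
    return directives


def lint_tls(directives):
    """Return a list of human-readable findings about the TLS directives."""
    findings = []
    cert_path = directives.get("tlscertificatefile")
    key_path = directives.get("tlscertificatekeyfile")
    ca_path = directives.get("tlscacertificatefile")

    # 1. All three files must be present on disk for slapd to serve ldaps.
    for name, path in (("TLSCertificateFile", cert_path),
                       ("TLSCertificateKeyFile", key_path),
                       ("TLSCACertificateFile", ca_path)):
        if path is None:
            findings.append(f"{name} not set")
        elif not os.path.isfile(path):
            findings.append(f"{name} does not exist: {path}")

    # 2. The private key should be readable by the slapd user only (0600).
    if key_path and os.path.isfile(key_path):
        mode = stat.S_IMODE(os.stat(key_path).st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append(
                f"private key {key_path} is group/world accessible "
                f"(mode {mode:04o}); expected 0600")

    # 3. Flag enabled tokens that admit weak suites; '!'/'-' prefixed
    #    tokens remove suites and are therefore not flagged.
    suite = directives.get("tlsciphersuite")
    if suite:
        weak = sorted({t.lstrip("+") for t in suite.split(":")
                       if not t.startswith(("!", "-"))
                       and t.lstrip("+") in WEAK_CIPHER_TOKENS})
        if weak:
            findings.append(
                f"TLSCipherSuite admits weak/legacy ciphers: {', '.join(weak)}")

    # 4. TLSVerifyClient controls whether *client* certificates are
    #    requested; 0/never is the default and does not touch the server side.
    verify = directives.get("tlsverifyclient", "never").lower()
    if verify in {"0", "never"}:
        findings.append(
            "TLSVerifyClient is 0/never: client certs are not requested, "
            "so this directive cannot fix a server-side handshake problem")
    return findings


def demo():
    """Lint the post's directives against constructed files, before and after
    tightening the key's permissions. Returns (findings_before, findings_after)."""
    with tempfile.TemporaryDirectory() as tmp:
        certs = Path(tmp, "certs")
        private = Path(tmp, "private")
        certs.mkdir()
        private.mkdir()
        # Placeholder contents: not real PEM material.
        (certs / "cacert.pem").write_text("PLACEHOLDER CA CERT\n")
        (certs / "server.pem").write_text("PLACEHOLDER SERVER CERT\n")
        key = private / "server.pem"
        key.write_text("PLACEHOLDER PRIVATE KEY\n")
        key.chmod(0o644)  # deliberately too permissive
        conf = f"""
# constructed slapd.conf tail mirroring the post, with paths relocated
TLSCipherSuite          HIGH:MEDIUM:+SSLv3
TLSCACertificateFile    {certs / 'cacert.pem'}
TLSCertificateFile      {certs / 'server.pem'}
TLSCertificateKeyFile   {key}
TLSVerifyClient 0
"""
        before = lint_tls(parse_slapd_conf(conf))
        key.chmod(0o600)  # the fix
        after = lint_tls(parse_slapd_conf(conf))
        return before, after


if __name__ == "__main__":
    for label, findings in zip(("before", "after"), demo()):
        print(f"--- {label} ---")
        for f in findings:
            print(" -", f)
```

Run it directly to see the findings before and after the key's mode is corrected; on a real host, point `parse_slapd_conf` at the actual slapd.conf contents and also confirm that the key is owned by the account slapd runs as.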