[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: back-meta (Was: (ITS#3971) slapo-glue dissolving after one query)
Ando,
Well, I tried the latest RE23 code, and still ran into the same problem,
ldapsearch reports err=51, you can find the complete loglevel -1 log and
relevant detail bits at
http://w3.gofti.com/~pfnguyen/openldap/ldapsearch-bad-meta-re23-050830.txt
Thanks.
> >> -----Original Message-----
> >> From: Pierangelo Masarati [mailto:ando@sys-net.it]
> >> Sent: Thursday, August 25, 2005 3:39 PM
> >> To: Perry Nguyen
> >> Cc: 'openldap-software@openldap.org
> >> Subject: Re: back-meta (Was: (ITS#3971) slapo-glue dissolving
> >> after one query)
> >> Perry Nguyen wrote:
> >> >1, yes, this error still occurs when no gluing is going on,
> >> I have the full
> >> >loglevel -1 trace and commands used/input at
> >> >http://w3.gofti.com/~pfnguyen/openldap/ldapsearch-bad-meta.txt
> >> I haven't gone into details yet, but I believe this issue
> >> with back-meta
> >> may have been cured in current re23 (i.e. code candidate for
> >> release as
> >> next 2.3). Similar behavior was observed some time because
> >> ldap_result() after asynchoronous bind was called with 0
> >> timeout, i.e.
> >> for a poll. This has been reported to result in a storm of
> >> pollings. I
> >> wonder if you can give it a quick try.
> I didn't have much time to look at your logs; however, it
> appears that few
> of them actually have to do expressly with back-ldap or back-meta;
> significantly, all those involving ldaps:// seem to have
> mostly to do with
> certificate checking (I couldn't tell if on the reomte or the local
> server's side). I suggest we try to work each issue out separately.
> First of all you should try and set up something working (either with
> back-meta or back-ldap) with plain ldap://; given the recent
> improvements
> in both, I'd suggest you try with the latest OpenLDAP 2.3
> code. If the
> setup works as expected, you can do some more tests about
> ldaps://; they
> should mostly likely end up with requiring/disabling either remote
> server-side or proxy-side certificate checking, based on your
> requirements, and providing the appropriate configuration if
> certificate
> checking is required. Note that back-ldap in 2.3 also allows
> to configure
> the use if Start TLS and TLS propagation (i.e. proxy with TLS
> only if it
> was used in the connection from the client to the proxy). If
> testing with
> back-ldap yields positive results, I plan to extend this capability to
> back-meta.