[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: back-meta (Was: (ITS#3971) slapo-glue dissolving after one query)



Pierangelo Masarati wrote:

I didn't have much time to look at your logs; however, it appears that few
of them actually have to do expressly with back-ldap or back-meta;
significantly, all those involving ldaps:// seem to have mostly to do with
certificate checking (I couldn't tell if on the reomte or the local
server's side). I suggest we try to work each issue out separately. First of all you should try and set up something working (either with
back-meta or back-ldap) with plain ldap://; given the recent improvements
in both, I'd suggest you try with the latest OpenLDAP 2.3 code. If the
setup works as expected, you can do some more tests about ldaps://; they
should mostly likely end up with requiring/disabling either remote
server-side or proxy-side certificate checking, based on your
requirements, and providing the appropriate configuration if certificate
checking is required. Note that back-ldap in 2.3 also allows to configure
the use if Start TLS and TLS propagation (i.e. proxy with TLS only if it
was used in the connection from the client to the proxy). If testing with
back-ldap yields positive results, I plan to extend this capability to
back-meta.


p.



Ando,

Being able to customize the timeout is handy and all, but my main interest is in why JNDI behaves strangely with back-meta and back-ldap, slapd keeps returning no results whenever the query comes from a Java JNDI client. My primary interest with this (problem) is to be able to use a back-meta or back-ldap proxied directory with a java JNDI client. Have you had a chance to look into why the behavior is different with JNDI and the back-meta/ldap setups?.

Thanks.