| Are the attributes you are searching on indexed? Sellers On Feb 7, 2008, at 11:47 AM, Quanah Gibson-Mount wrote: --On Thursday, February 07, 2008 10:09 AM +0200 Amir Saad <eng__amir@hotmail.com> wrote:I setup OpenLDAP & MIT Kerberos successfully. I created a self-signedcertificate for OpenLDAP and I configured the server to work only onldaps. I migrated all existing users and groups to OpenLDAP. Everythingwas working just perfect till I added a new group object using ldapaddand then deleted it using ldapdelete, since then ldapsearch takes verylong time to complete. It returns the correct results but after very longtime. I tried ldapsearch -d8 to see what is going on and here are theerrors I got:TLS certificate verification: Error, self signed certificateTLS certificate verification: depth: 0, err: 18, subject: [SOMEINFORMATION HERE]TLS trace: SSL_connect:SSLv3 read server certificate ATLS trace: SSL_connect:SSLv3 read server done ATLS trace: SSL_connect:SSLv3 write client key exchange ATLS trace: SSL_connect:SSLv3 write change cipher spec ATLS trace: SSL_connect:SSLv3 write finished ATLS trace: SSL_connect:SSLv3 flush dataTL! S trace: SSL_connect:SSLv3 read finished ATLS trace: SSL3 alert write:warning:bad certificateTLS: unable to get peer certificate.Do you think the delay is related to the above? What is wrong withOpenLDAP? I did not touch any configuration, only ldapadd and ldapdelete!This piece of software is very unstable :( Please help. ______________________________________________ Chris G. Sellers | NITLE - Technology Team |