Re: Strange TLS issue while upgrading from openldap 2.3 to 2.4

[Quanah Gibson-Mount <quanah@zimbra.com>]

--On Tuesday, June 26, 2012 10:27 AM +0200 Guillaume Rousse 
<guillomovitch@gmail.com> wrote:

> Le 25/06/2012 20:06, Quanah Gibson-Mount a Ãcrit :
> > --On Monday, June 25, 2012 1:46 PM +0200 Guillaume Rousse
> > <guillomovitch@gmail.com> wrote:
> >
> > > Hello list.
> > >
> > > I recently faced a strange issue while upgrading from openldap 2.3 to
> > > 2.4 (from centos 5.7 to 6.2, actually): the change was transparent for
> > > every applications excepted Zimbra, for which any authentication
> > > attempt was suffering from an unexplained 30s additional delay. Just
> > > switching from explicit TLS usage on port 389 to explicit SSL usage on
> > > port 636 was enough to fix the issue.
> >
> > I would use ldapsearch -d -1 to see what function it was hanging in.
> Unfortunatly (sort of), I can't reproduce the issue with any other client
> as zimbra itself... ldapsearch works fine, even when run from the same
> host as zimbra.

ldapsearch against the zimbra server works fine (no delay on closing)? 
Then that would imply the issue is with whatever client is making the 
connection to Zimbra.  It looks like slapd is simply detecting the 
connection was never closed properly after about 30 seconds, and taking 
care of closing it. I don't specifically see any issue here.  Initially I 
thought you were saying you were seeing this issue while initiating a 
connection, not while closing it.

--Quanah

--

Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration