
Re: Strange TLS issue while upgrading from openldap 2.3 to 2.4



--On Wednesday, June 27, 2012 3:31 PM +0200 Guillaume Rousse <guillomovitch@gmail.com> wrote:

Sorry, I'm not a Zimbra admin, and I may have been confusing in my
explanations. The problem occurs with Zimbra acting as an LDAP client
against an external LDAP server, performing a bind operation for
authenticating users, with the following behaviour:

Zimbra against an openldap 2.3.x server, with TLS on port 389: OK
Zimbra against an openldap 2.4.x server, on port 636: OK
Zimbra against an openldap 2.4.x server, with TLS on port 389: 30s delay

Ok, so what you are saying is:

You upgraded your OS to CentOS6

You use external auth

The external auth from CentOS6 to your own LDAP server shows a 30 second delay on closing.

That sounds like a bug in Java/JNDI. I did see some 30 second issues with RHEL6, but it was with initiating a connection, not closing it. You can see more about that at <https://stomp.colorado.edu/blog/blog/2011/06/29/on-rhel-6-ssh-dns-firewalls-and-slow-logins/>

I would note that JNDI behavior varies based on startTLS vs SSL on port 636 as well.

--Quanah


--

Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration