[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: openldap-technical Digest, Vol 59, Issue 15



Hello,

How can I find this informations?
I didn't find any information about binding by using the command:
#/usr/sbin/slapcat -n 0 -l output.ldif

Command result: http://pastebin.com/4ihGjLXf

# cat /etc/ldap/ldap.conf
URI ldaps:///
BASE dc=sms,dc=fr
TLS_CACERT /etc/ssl/pki/fr.sms.ca.crt
TLS_REQCERT never

cat  /etc/default/slapd
SLAPD_CONF=
SLAPD_USER="openldap"
SLAPD_GROUP="openldap"
SLAPD_PIDFILE=
SLAPD_SERVICES="ldaps:/// ldapi:///"
SLAPD_SENTINEL_FILE=/etc/ldap/noslapd
SLAPD_OPTIONS=""

Does anyone have an ideai why it works half the time?

Thanks,
sms.

----- Mail original -----
De: "25Dollar Tech" <25dollartechhelp@gmail.com>
Ã: "amicale salmson" <amicale.salmson@free.fr>
EnvoyÃ: Lundi 15 Octobre 2012 14:11:36
Objet: Re: openldap-technical Digest, Vol 59, Issue 15


Hello you must check in your bind details from conf or ldif file 




Message: 2 
Date: Mon, 15 Oct 2012 12:57:56 +0200 (CEST) 
From: amicale.salmson@free.fr 
To: openldap-technical@openldap.org 
Subject: Open LDAP sometimes "Can't contact LDAP server" 
Message-ID: 
< 258228487.277539862.1350298676206.JavaMail.root@zimbra63-e11.priv.proxad.net > 

Content-Type: text/plain; charset=utf-8 

Hello all, 

I developed a PHP application which use slapd. 
Sometimes, I have the message "Can't contact LDAP server", but sometimes it works (almost half the time) 

Just before it hangs, I see the following message: 
-------------------------------------------------- 
daemon: epoll: listen=8 active_threads=0 tvp=zero 
daemon: epoll: listen=9 active_threads=0 tvp=zero 
daemon: epoll: listen=10 active_threads=0 tvp=zero 
connection_read(20): input error=-2 id=1530, closing. 
connection_closing: readying conn=1530 sd=20 for close 
daemon: removing 20 
conn=1530 fd=20 closed (connection lost) 
daemon: activity on 1 descriptor 
daemon: activity on: 
-------------------------------------------------- 

Sometimes, I also see theses messages: 
-------------------------------------------------- 
slapd[9635]: connection_close: deferring conn=1582 sd=22 
connection_input: conn=1593 deferring operation: binding 
-------------------------------------------------- 


I use : 
- debian 6.0.5 
- slapd 2.4.23-7.2 
- OpenSSL 0.9.8o 01 Jun 2010 

SSL certificats generated with XCA : 
- openssl x509 -text -in /etc/ssl/pki/ca.crt 
Data: 
Version: 3 (0x2) 
Signature Algorithm: sha1WithRSAEncryption 
Subject Public Key Info: 
Public Key Algorithm: rsaEncryption 
RSA Public Key: (4096 bit) 
X509v3 extensions: 
X509v3 Basic Constraints: critical 
CA:TRUE 
X509v3 Key Usage: 
Certificate Sign, CRL Sign 
Netscape Cert Type: 
SSL CA, S/MIME CA, Object Signing CA 
Netscape Comment: 
xca certificate 
- openssl x509 -text -in /etc/ssl/pki/server.crt 
Data: 
Version: 3 (0x2) 
Signature Algorithm: sha1WithRSAEncryption 
Subject Public Key Info: 
Public Key Algorithm: rsaEncryption 
RSA Public Key: (4096 bit) 
X509v3 extensions: 
X509v3 Basic Constraints: critical 
CA:FALSE 
X509v3 Key Usage: 
Digital Signature, Non Repudiation, Key Encipherment 
Netscape Cert Type: 
SSL Server 
Netscape Comment: 
xca certificate 

Certificats import: 
----- BEGIN /etc/ssl/pki/ldap/ldap.ldif ----- 
dn: cn=config 
replace: olcTLSCACertificateFile 
olcTLSCACertificateFile: /etc/ssl/pki/ca.crt 
- 
replace: olcTLSCertificateFile 
olcTLSCertificateFile: /etc/ssl/pki/ldap.crt 
- 
replace: olcTLSCertificateKeyFile 
olcTLSCertificateKeyFile: /etc/ssl/pki/server.pem 
----- END /etc/ssl/pki/ldap/ldap.ldif ----- 

ldapmodify -Y EXTERNAL -H ldapi:/// -f /etc/ssl/pki/ldap/ldap.ldif 

I don't see at all where the problem can comes from because it works half the time. 
Can anyone help me? 

Regards, 
sms 



------------------------------ 

_______________________________________________ 
openldap-technical mailing list 
openldap-technical@openldap.org 
http://www.openldap.org/lists/mm/listinfo/openldap-technical 


End of openldap-technical Digest, Vol 59, Issue 15 
************************************************** 



-- 

Thanks & Regards, 
25dollarTech Team 
https://sites.google.com/site/25dollartech/ 
Email: 25dollartechhelp@gmail.com