Re: SSL replication deadlocks slapd
On 09/25/13 13:43 -0700, Chad Scott wrote:
> I'm having a lot of trouble with replication when using SSL. If I configure
> everything exactly the same without SSL, it works flawlessly. The instant I
> try to encrypt traffic, one or both servers will deadlock, even after
> restart.
Does slapd still respond? If so, verify that your entropy is not being
depleted for your ssl connections. I believe by default openssl uses
/dev/random which can block. Check /proc/sys/kernel/random/entropy_avail.
> I'm configuring according to the instructions at
> http://www.openldap.org/doc/admin24/replication.html#N-Way Multi-Master,
> except using ldaps:// instead of ldap://.
> In cn=config, I've set up:
> olcTLSCACertificateFile: /etc/openldap/certs/Operations_CA_Certificate.pem
> olcTLSCertificateFile: /etc/openldap/certs/ldap.pem
> olcTLSCertificateKeyFile: /etc/openldap/certs/ldap.key
> I've also tried using STARTTLS over ldap:// and it seems to make no
> difference.
> Permissions are right and I can connect via SSL from clients without issue.
> I'm completely stumped as to what might be going on. Has anyone seen this
> before?
> This is running on Scientific Linux 6 with the following packages:
> openldap-2.4.23-32.el6_4.x86_64
> openldap-clients-2.4.23-32.el6_4.x86_64
> openldap-servers-2.4.23-32.el6_4.x86_64
--
Dan White
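
The entropy check suggested in the reply above, as an added example that is not part of the original message: a shell script that samples entropy_avail while the hang is reproduced and looks in /proc/PID/fd for an open /dev/random descriptor. The 200-bit LOW_WATER threshold, the function names and the SLAPD_PID variable are assumptions, not values from the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Paths are overridable for offline testing.
ENTROPY_FILE=${ENTROPY_FILE:-/proc/sys/kernel/random/entropy_avail}
LOW_WATER=${LOW_WATER:-200}   # assumed threshold in bits; not from the thread

# min_entropy SAMPLES INTERVAL: print the lowest estimate seen across SAMPLES reads.
min_entropy() {
    samples=$1; interval=$2; min=; i=0
    while [ "$i" -lt "$samples" ]; do
        cur=$(cat "$ENTROPY_FILE") || return 2
        case $cur in ''|*[!0-9]*) return 2 ;; esac   # reject non-numeric content
        if [ -z "$min" ] || [ "$cur" -lt "$min" ]; then min=$cur; fi
        i=$((i + 1))
        if [ "$i" -lt "$samples" ]; then sleep "$interval"; fi
    done
    echo "$min"
}

# holds_dev_random FD_DIR: succeed if any descriptor in FD_DIR (e.g. /proc/PID/fd)
# is a symlink to the blocking device /dev/random.
holds_dev_random() {
    for fd in "$1"/*; do
        [ -L "$fd" ] || continue
        if [ "$(readlink "$fd")" = /dev/random ]; then return 0; fi
    done
    return 1
}

# diagnose FD_DIR SAMPLES INTERVAL: print one verdict line.
diagnose() {
    low=$(min_entropy "$2" "$3") || { echo "error: cannot read $ENTROPY_FILE"; return 2; }
    if [ "$low" -ge "$LOW_WATER" ]; then
        echo "ok min=$low"                          # pool never dipped below threshold
    elif holds_dev_random "$1"; then
        echo "starved min=$low dev_random=open"     # low pool and a blocking reader
    else
        echo "low min=$low dev_random=closed"       # low pool, process not on /dev/random
    fi
}

# Run while reproducing the hang: SLAPD_PID=$(pidof slapd) sh check_entropy.sh
if [ -n "${SLAPD_PID:-}" ]; then
    diagnose "/proc/$SLAPD_PID/fd" 10 1
fi
```

Reading /proc/PID/fd for slapd requires root or the account slapd runs as.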