[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
problems connecting to ldaps:// under high load with ppc64 client
hi,
i'm operating an owncloud server that connects to an IBM Tivoli
Directory Server as LDAP backend. the ldap admin tells me he is seeing
"null binds" from my owncloud server in his logs:
2016-05-24T14:32:56.349452+2:00 srvr_ssl_read: EIO in handshake.
EWOULDBLOCK timeout. Read: -2 of 0
2016-05-24T14:32:56.350445+2:00 GLPSSL019E The SSL layer has reported an
unidentified internal error, SSL extended error code:406.
2016-05-24T14:32:56.351813+2:00 GLPSRV022E Failed to initialize secure
connection from client (connection ID: 61786, IP address: x.x.x.x, Port:
59921).
2016-05-24T14:32:56.357220+2:00 GLPSRV044W Client connection from
x.x.x.x bound as NULL closed by server.
i investigated on my server and noticed that it has problems connecting
to the ldaps://ldap.example.com uri (which is the ITDS server) under
high client system load, whereas connection to ldap://ldap.example.com
is ok.
$ ldapsearch -v -x -z 0 -H ldaps://ldap.example.com -b
"ou=groups,dc=example,dc=com" -v "objectClass=posixGroup"
ldap_initialize( ldaps://ldap.example.com:636/??base )
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
my server (RHEL 7 on a ppc64 LPAR) is using the openldap
clients/libraries. the high load that is causing the problems is on _my_
server. is there any specific tuning (besides increasing RAM/CPU) i can
do to optimize ldaps client queries? i'm thinking of tuning the tcp
stack or something similar, but i'm not an expert on this. where can i
look for debug info? i have strace and tcpdump output
thx
matthias