I experience some problems with slapd-meta with ldaps backend.
gnuTLS (or openssl) negociation timeout seems not to be handled, and i can't find any reference to modify this timeout on docs. My server becames unresponsive (too many connexion slots) when a ssl-secured backend server time out after TCP connexion establishment.
To reproduce the error, i have an meta directory configured like this:
database meta
suffix "dc=localauth"
rootdn "cn=Manager,dc=localauth"
rootpw XXX
uri "ldaps://localhost:666/ou=UT,dc=localauth"
lastmod off
suffixmassage "ou=UT,dc=localauth" "ou=people,dc=example,dc=fr"
timeout 1
conn-ttl 1
network-timeout 1
And i launch a netcat to listen to the 666 port:
nc -l -p 666
Then, this command never time out:
ldapwhoami -H ldap://YYYY:9009 -D uid=me,ou=UT,dc=localauth -W
Error does not happen when no ssl used ("timeout 1" option works well)
OS: Debian 8 Jessie x64
slapd: 2.4.40+dfsg-1+deb8u2
gnutls: 3.3.8-6+deb8u4
Sorry for my english, and thanks for the help,
Regards,
Louis Chanouha
University of Toulouse