
Fw: backend SSL negotiation timeout



Hello,

I am experiencing some problems with slapd-meta with an ldaps backend.
The GnuTLS (or OpenSSL) negotiation timeout seems not to be handled, and I can't find any reference on how to modify this timeout in the docs. My server becomes unresponsive (too many connection slots) when an SSL-secured backend server times out after TCP connection establishment.

To reproduce the error, I have a meta directory configured like this:

database meta
suffix          "dc=localauth"
rootdn          "cn=Manager,dc=localauth"
rootpw          XXX

uri "ldaps://localhost:666/ou=UT,dc=localauth"
lastmod off
suffixmassage   "ou=UT,dc=localauth" "ou=people,dc=example,dc=fr"
timeout 1
conn-ttl 1
network-timeout 1

And I launch netcat to listen on port 666:
nc -l -p 666

Then, this command never times out:
ldapwhoami -H ldap://YYYY:9009 -D uid=me,ou=UT,dc=localauth -W

The error does not happen when no SSL is used (the "timeout 1" option works well).

OS: Debian 8 Jessie x64
slapd: 2.4.40+dfsg-1+deb8u2
gnutls: 3.3.8-6+deb8u4


Sorry for my English, and thanks for the help,
Regards,
Louis Chanouha
University of Toulouse
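
The condition reported in this message (a peer that accepts the TCP connection but never answers the TLS handshake), as an added example that is not part of the original post and is not OpenLDAP code: a Python probe that puts a deadline on the TLS handshake so a silent ldaps backend is classified instead of holding a connection slot. The names `silent_listener` and `probe_tls`, and the ephemeral localhost port used in place of port 666, are assumptions made for the illustration.

```python
import socket
import ssl
import threading
import time

def silent_listener():
    """Constructed stand-in for `nc -l -p 666`: accepts TCP, never sends a byte."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))       # ephemeral port, so no root is needed
    srv.listen(5)
    held = []                        # keep accepted sockets open: the client sees no EOF

    def accept_loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            held.append(conn)

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv, held

def probe_tls(host, port, deadline):
    """Return (status, seconds); status is 'connect-failed',
    'handshake-timeout', 'tls-error' or 'ok'."""
    start = time.monotonic()
    try:
        raw = socket.create_connection((host, port), timeout=deadline)
    except OSError:
        return "connect-failed", time.monotonic() - start
    ctx = ssl.create_default_context()
    try:
        # The timeout set on the TCP socket also bounds each handshake read,
        # so a peer that stays silent after accept() cannot block forever.
        with ctx.wrap_socket(raw, server_hostname=host):
            return "ok", time.monotonic() - start
    except socket.timeout:
        return "handshake-timeout", time.monotonic() - start
    except (ssl.SSLError, OSError):  # peer answered, but TLS or the certificate failed
        return "tls-error", time.monotonic() - start
    finally:
        raw.close()

if __name__ == "__main__":
    srv, _held = silent_listener()
    print(probe_tls("127.0.0.1", srv.getsockname()[1], deadline=1.0))
```

A `handshake-timeout` result with a successful TCP connect is the signature of the situation above: the port is open, but nothing on it speaks TLS within the deadline.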