[email protected] wrote:
> Full_Name: Mike Jackson
> Version: 2.4.45
> OS: Linux
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (194.157.185.162)
>
>
> Push replication via TLS fails to remote servers where the TCP/IP round-trip
> time is greater than 100ms. When the return packets finally arrive, the
> initiating server will close the connection with RST RST RST, which results in
> TLS NEGOTIATION FAILURE. If TLS is not used, then the high-latency connection
> will function normally and replication will occur.
>
> The 100ms time limit comes from here:
>
> servers/slapd/back-ldap/back-ldap.h: #define LDAP_BACK_RESULT_UTIMEOUT (100000)
>
> Reference commit 112be0118e43c161d44de6e852cca9f517bb653d from 2005.
>
> HYC: "Ando ported timeout code from back-meta into back-ldap but he never ported
> the config keyword that sets the timeout number of retries"
>
> In addition, the back_ldap man page is not up to date.
>
>
> My temporary workaround was to set LDAP_BACK_RESULT_UTIMEOUT (900000) (900ms)
> and recompile. Problem immediately went away, but this is not a correct approach
> and the retry counter should be runtime configurable.
back-ldap has been fixed to use the configured timeout for exops here. Fix is in git master.

-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
