Defining timeouts in slapd-ldap Backend

Mon, 31 Oct 2016 12:55:13 -0700 

Hi List,

i have an problem with slapd-ldap backend and the timeouts.

There are many timeouts to configure, but i think they dont work in the tls 
handshake phase.

5816f773 send_ldap_result: conn=-1 op=0 p=0
5816f773 backend_startup_one: starting "sid=3092,sec=webhosting,o=xxxxxx,c=de"
5816f773 ldap_back_db_open: URI=ldaps://sid3092.int.webslave.xxxxxxx
ldap_create
ldap_url_parse_ext(ldaps://sid3092.int.webslave.xxxxxxxx)
5816f773 =>ldap_back_getconn: conn=-1 op=0: lc=0x37c2880 inserted refcnt=1 rc=0
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP sid3092.int.webslave.xxxxxxxxx:636
ldap_new_socket: 256
ldap_prepare_socket: 256
ldap_connect_to_host: Trying 10.xx.xx.xx:636
ldap_pvt_connect: fd: 256 tm: 5 async: 0
ldap_ndelay_on: 256
attempting to connect:
connect errno: 115
ldap_int_poll: fd: 256 tm: 5
ldap_is_sock_ready: 256
ldap_ndelay_off: 256
ldap_pvt_connect: 0
TLS trace: SSL_connect:before/connect initialization
TLS trace: SSL_connect:SSLv2/v3 write client hello A

And then the slapd hangs and hangs.

I know that the consumer ldap is running, but the server itself hangs with an 
error. In this slapd there are 250 more servers to serve via slapd-ldap, so 
this will cause an big problem when only one server hangs and the slapd stucks 
forever.
Are there any other timeouts to configure in slapd-ldap backend ?


Here´s the slapd.conf:

database ldap
                hidden on
                suffix "sid=3092,sec=webhosting,o=xxxxxxxx,c=de"
                rootdn "cn=xxxxxxxx,sid=3092,sec=webhosting,o=xxxxxxxxx,c=de"
                uri ldaps://sid3092.int.webslave.xxxxxxxxx
                network-timeout 5
                timeout bind=5
                lastmod on
                restrict all

acl-bind        bindmethod=simple
                binddn="cn=xxxxxx,sid=3092,sec=webhosting,o=xxxxxx,c=de"
                credentials="PASSWORD"

syncrepl        rid=3092
                provider=ldapi://%2Fvar%2Frun%2Fldapi
                binddn="cn=Manager,o=xxxxxxxxxxx,c=de"
                bindmethod=simple
                credentials=PASSWORD
                searchbase="sid=3092,sec=webhosting,o=xxxxxxxxxx,c=de"
                type=refreshAndPersist
                retry="10 6 30 +"

overlay syncprov


Regards,
Daniel



Freundliche Grüße,

Daniel Betz
System Design Engineer / Senior Systemadministration
___________________________________

domainfactory GmbH
Oskar-Messter-Str. 33
85737 Ismaning
Germany

Telefon:  +49 (0)89 / 55266-364
Telefax:  +49 (0)89 / 55266-222

E-Mail:   db...@df.eu<mailto:db...@df.eu>
Internet: www.df.eu<http://www.df.eu/>

Registergericht: Amtsgericht München
HRB-Nummer 150294, Geschäftsführer:
Tobias Mohr, Stephan Wolfram

Reply via email to