> -----Original Message----- > From: [email protected] [mailto:rhelv5-list- > [email protected]] On Behalf Of Chris Adams > Sent: Wednesday, April 07, 2010 1:24 PM > To: Red Hat Enterprise Linux 5 (Tikanga) discussion mailing-list > Subject: Re: [rhelv5-list] Problem with RHEL 5.5 openldap and TLS > > Once upon a time, John Haxby <[email protected]> said: > > On 5 April 2010 19:48, Chris Adams <[email protected]> wrote: > > > I ran slapd with -d2 to gather debugging during the 3+ second delay, > and > > > I saw the following line repeated 37,370 times during the delay: > > > > > A delay of about three seconds is often down to a DNS problem. Check > that > > the servers listed in /etc/resolv.conf are working properly. Running > > wireshark to see what's going on during the delay might also shed some > light > > if you're not seeing any DNS servers aren't right. > > The delay is after the connection is open and TLS has been started, and > it also happens on the ldapi (local socket) connection, so it isn't DNS > (also, a DNS problem wouldn't come and go with just changing the > openldap packages). > > There's a patch in the RHEL 5.5 openldap packages that changes TLS > negotiation, and to me, just looking at it, it looks like it could cause > a busy loop; I recompiled without that patch and the problem went away. > I think the problem that the patch was supposed to fixed needs to be > re-investigated (that's BZ 509230). > > Red Hat support has reproduced the problem and has passed it on to > engineering. > -- > Chris Adams <[email protected]> > Systems and Network Administrator - HiWAAY Internet Services > I don't speak for anybody but myself - that's enough trouble. > > _______________________________________________ > rhelv5-list mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/rhelv5-list
I'll be upgrading my machines to 5.5 including my LDAP server this weekend so I'll post back if I discover any breakthroughs. Dan _______________________________________________ rhelv5-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/rhelv5-list
