
slapd 2.4.23 hangs on ldaps connections

New install of CentOS 6.3, openldap-servers-2.4.23. Generated a new certificate request, signed the cert, started slapd. ldapsearch responds on ldapi:/// and ldap:///. However, as soon as a request is made on ldaps:///, the slapd process consumes all available CPU and never responds.

strace -p -ff yields the following results, in an infinite loop:

[pid  5978] open("/etc/openldap/certs/server.key", O_RDONLY) = 21
[pid  5978] stat("/etc/openldap/certs/server.key", {st_mode=S_IFREG|0640, st_size=1704, ...}) = 0
[pid  5978] read(21, "-----BEGIN PRIVATE KEY-----\nMIIE"..., 1704) = 1704
[pid  5978] close(21)                   = 0
[pid  5978] open("/etc/openldap/certs/server.key", O_RDONLY) = 21
[pid  5978] stat("/etc/openldap/certs/server.key", {st_mode=S_IFREG|0640, st_size=1704, ...}) = 0
[pid  5978] read(21, "-----BEGIN PRIVATE KEY-----\nMIIE"..., 1704) = 1704
[pid  5978] close(21)                   = 0
[pid  5978] open("/etc/openldap/certs/server.key", O_RDONLY) = 21
[pid  5978] stat("/etc/openldap/certs/server.key", {st_mode=S_IFREG|0640, st_size=1704, ...}) = 0
[pid  5978] read(21, "-----BEGIN PRIVATE KEY-----\nMIIE"..., 1704) = 1704
[pid  5978] close(21)                   = 0
[pid  5978] open("/etc/openldap/certs/server.key", O_RDONLY) = 21
[pid  5978] stat("/etc/openldap/certs/server.key", {st_mode=S_IFREG|0640, st_size=1704, ...}) = 0
[pid  5978] read(21, "-----BEGIN PRIVATE KEY-----\nMIIE"..., 1704) = 1704
[pid  5978] close(21)                   = 0
[pid  5978] open("/etc/openldap/certs/server.key", O_RDONLY) = 21
[pid  5978] stat("/etc/openldap/certs/server.key", {st_mode=S_IFREG|0640, st_size=1704, ...}) = 0
[pid  5978] read(21, "-----BEGIN PRIVATE KEY-----\nMIIE"..., 1704) = 1704
[pid  5978] close(21) 

I've re-generated certs just to be sure they aren't corrupt, no joy.

Figured it out. Apparently openldap loads the certs differently depending on where they are in the directory structure. If they are in the /etc/openldap/certs dir - it treats them as MozNSS and afterwards fails spectacularly to load anything at all. If they are in /etc/pki, it uses OpenSSL and loads everything just fine.
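Added example, not part of the original post: a Python triage helper that flags the symptom visible in the strace output above, one thread re-opening the same file back to back. The function name, the threshold and the embedded sample (constructed to mirror the trace in the question, including its truncated last line) are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the trace in the question (not captured output).
SAMPLE = """\
[pid  5978] open("/etc/openldap/certs/server.key", O_RDONLY) = 21
[pid  5978] stat("/etc/openldap/certs/server.key", {st_size=1704, ...}) = 0
[pid  5978] read(21, "-----BEGIN PRIVATE KEY-----"..., 1704) = 1704
[pid  5978] close(21)                   = 0
""" * 4 + """\
[pid  5978] open("/etc/openldap/certs/server.key", O_RDONLY) = 21
[pid  5978] close(21) 
[pid  6001] open("/etc/hosts", O_RDONLY) = 7
[pid  6001] close(7) = 0
"""

LINE = re.compile(r'^\[pid\s+(\d+)\]\s+(\w+)\((.*)$')
RET = re.compile(r'\)\s*=\s*(-?\d+)')
PATH = re.compile(r'"([^"]*)"')


def find_reopen_loops(trace, threshold=5):
    """Return {(pid, path): n} where a pid opened path n times in a row."""
    current = {}               # pid -> (last path opened, consecutive opens)
    worst = defaultdict(int)   # (pid, path) -> longest run seen
    for raw in trace.splitlines():
        m = LINE.match(raw.strip())
        if not m or m.group(2) not in ("open", "openat"):
            continue           # stat/read/close do not break a run
        rest = m.group(3)
        ret, path = RET.search(rest), PATH.search(rest)
        if not ret or not path or int(ret.group(1)) < 0:
            continue           # truncated line or failed open: ignore
        pid, p = int(m.group(1)), path.group(1)
        prev_path, n = current.get(pid, (None, 0))
        n = n + 1 if p == prev_path else 1   # a different file resets the run
        current[pid] = (p, n)
        worst[(pid, p)] = max(worst[(pid, p)], n)
    return {k: v for k, v in worst.items() if v >= threshold}


if __name__ == "__main__":
    for (pid, path), n in find_reopen_loops(SAMPLE).items():
        print(f"pid {pid} re-opened {path} {n} times in a row")
```

On a real system, feed it the text saved from strace instead of SAMPLE; a flagged path under a directory that also holds NSS database files is consistent with the cause described in the answer.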
