Joe, List, yes! It does sound like it is something with Oracle SSL engine. I let the process (search) running for more than 3 hours (so I think it is not a problem of slow communication/authentication) and it never returned. When it was issued a CTRL+C to abort the procedure (which was running from a sqlplus), the stack error it returned pointed to a Oracle package (SYS.DBMS_LDAP_API_FFI) in its last level (upper level). The code in Pl/Sql follows (SECURITYSOX is our schema user and LDAP is our user package):
########## SQL> 1 declare 2 X number; 3 begin 4 X := -1; 5 X := LDAP.VALIDA_USUARIO_LDAP(2,'ldapuser','ldappass'); 6 dbms_output.put_line(X); 7* end; SQL> / declare * ERROR at line 1: ORA-01013: user requested cancel of current operation ORA-06512: at "SYS.DBMS_LDAP_API_FFI", line 134 ORA-06512: at "SYS.DBMS_LDAP", line 253 ORA-06512: at "SECURITYSOX.LDAP", line 221 ORA-06512: at "SECURITYSOX.LDAP", line 581 ORA-06512: at "SECURITYSOX.LDAP", line 181 ORA-06512: at line 5 ########## Nothing appears in oracle's alert.log. No traces are generated in bdump, cdump or udump directories like it had nothing to do with/for oracle. The certificates used were provided by our customer and were tested by them and as we can init the session, open the ssl support for that session and even authenticate a ldap user/pass, the certificates are out of the possible causes of this issue. And even more because, as mentioned, we can perform a search over SSL using JXplorer and it is almost immediate, no hangs (for the little they could be), no delays, nothing, just direct to the result! I am trying to contact out customer's LDAP admin in order to get additional info from the server logs. As soon as I can get this, I will update the thread. Thanks you all for your help! Em Ter, 2007-01-23 às 10:51 -0600, Joe Kaplan escreveu: > If this can happen with any LDAP directory and not just AD, then it sounds > like the issue is with the Oracle SSL stack. > > Does the search hang permanently or just take a long time to execute? > Sometimes an SSL operation is slowed down a lot due to client certificate > authentication requested by the server or CRL checking. > > Does Oracle give you any logs? What SSL stack do they use? Can this issue > be reproduced with any other SSL stacks (Windows using ldp.exe for example)? > > Joe K. > > ----- Original Message ----- > From: "Mauricio de Andrade Ramos" <[EMAIL PROTECTED]> > To: <ActiveDir@mail.activedir.org> > Sent: Tuesday, January 23, 2007 4:28 AM > Subject: [ActiveDir] Search over SSL hangs > > > > List, > > > > surfing google, realized that it is something that happens with a great > > frequency and not just with this specific directory we are using (Active > > Directory). Have you ever experienced performing a search to a > > directory, through SSL, and the search gets hang? > > > > It won't happen using a ldap browser client (like JXplorer) but from a > > PL/Sql procedure from Oracle....The curious is that when this very same > > search is performed through a non-SSL connection (from the database), it > > won't hang, just through SSL! Took a look in lots of messages, forums, > > Oracle forums and this issue is reported in enviroments with other > > configurations (other directories, database, OS...) but a solution or > > workaround or even the pointing of where is the problem is never > > explained! > > > > Additional info: 2 different certificates were used. Both given by our > > customer and are a valid ones (tested by them and us, we can > > connect/authenticate/search through JXplorer and connect/authenticate > > through Oracle). > > > > Can you give us a light? Thanks you all in advance. Mauricio. > > > > List info : http://www.activedir.org/List.aspx > > List FAQ : http://www.activedir.org/ListFAQ.aspx > > List archive: http://www.activedir.org/ma/default.aspx > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.activedir.org/ma/default.aspx > > List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx
