Thanks for the quick reply!
Do you have at least one entry?
- Yes, there are plenty of entries in the ApacheDS.
How big are the entries?
- There are a lot of entries. Like 60+ sites (each site is an ou) and
multiple role entries per site (10+). And we are searching for roles throughout
all of the sites. Each role entry is also pretty hefty as we have attributes on
the entry that define which users belong to the role.
Also could you provide the code you use on the client side ?
- A generic example of what it looks like when I search is:

    final String filter = <filter for finding roles>;
    final EntryCursor cursor = connection.search(roleBaseDN, filter,
            SearchScope.SUBTREE, "*");
    while (cursor.next()) // this is where it hangs after a few iterations
    {
        Entry roleEntry = cursor.get();
        if (<some condition>)
        {
            roleList.add(roleEntry);
        }
    }

ApacheDS version, LDAP API version and Java version?
- ApacheDS version: ApacheDS 2.0.0-M23 <http://directory.apache.org/apacheds/downloads.html>
- LDAP API version: LDAP API 1.0.0-RC2 <http://directory.apache.org/api/downloads.html>
- Java version on client machine: 1.8.0_92
- Java version on ApacheDS machine: 1.8.0_92
Like I said before, it works without SSL/TLS, but hangs when we start using
either ldaps or startTls, so I know the search filter works.
>> Hi Guys,
>>
>> I'm trying to harden my system by implementing SSL/TLS encryption between my
>> client and ApacheDS server. I'm running into the issue where once I use LDAPS
>> or startTLS, then when I go to search ApacheDS it hangs on the
>> EntryCursor.next(). I'm able to create the LdapNetworkConnection without any
>> ssh handshake errors, but when I start looping through the entry cursor it
>> will randomly hang and never time out. Once I go back to not using encryption
>> everything starts to work again.
>>
>> I'm using a self-signed cert that I generated with java keytool.
>>
>> I am using the latest versions of ApacheDS and of the Apache LDAP client
>> API. I'm happy to provide you any information you need to help me debug this
>> issue.
>>
>> Any help to get me on the right track is greatly appreciated.
>
>Hi,
>
>do you get at least one entry?
>
>How big are the entries?
>
>Also could you provide the code you use on the client side?
>
>Last, not least, ApacheDS version, LDAP API version and Java version,
>please :-)
>
>Thanks!
>
>--
>Emmanuel Lecharny
>
>Symas.com
>directory.apache.org
Thanks,
Michael Pittman
Software Engineer
CRITICAL NETWORKS / HARRIS CORPORATION
Mobile: (863) 517-1910