Re: [ApacheDS] EntryCursor hangs when search ApacheDS with SSL/TLS

Mon, 15 May 2017 14:58:04 -0700 


Le 15/05/2017 à 23:36, Pittman, Michael a écrit :
> Thanks for the quick reply!
>
> Do you have at least one entry?
>
> -   Yes there are plenty of entries in the ApacheDS.

Sorry, my question was inaccurate... I wanted to know if you were
receiving some entries before it halts (And I guess the answer is : yes).
>
> How big are the entries?
>
> -   There are a lot of entries. Like 60+ sites (each site is an ou) and 
> multiple role entries per site (10+). And we are searching for roles 
> throughout all of the sites. Each role entry is also pretty hefty as we have 
> attributes on the entry that define which users belong to the role.

Can you tell how big are each entry ? (hundred of bytes, kilobytes,
bigger ?)
>
>
> Also could you provide the code you use on the client side ?
>
> -   A generic example of what it looks like when I search is:
>
>         final String filter = <filter for finding roles>
>          final EntryCursor cursor = connection.search(roleBaseDN, filter, 
> SearchScope.SUBTREE, "*");
>        while (cursor.next()) //this is where is hangs after a few iterations
>         {
>             Entry roleEntry = cursor.get();
>             if(<some condition>)
>                 roleList.add(roleEntry);
>         }

Sounds correct, AFAICT...
>
> ApacheDS version, LDAP API version and Java version?
>
> -   ApacheDS version: ApacheDS 
> 2.0.0-M23<http://directory.apache.org/apacheds/downloads.html>
>
> -   LDAP API version: LDAP API 
> 1.0.0-RC2<http://directory.apache.org/api/downloads.html>
>
> -   Java version on client machine: 1.8.0_92
>
> -   Java version on ApacheDS machine: 1.8.0_92

Nothing wrong here...
>
> Like I said before it works without ssl/tls, but hangs when we start using 
> either ldaps or startTls, so I know the search filter works.

Ok. One bet is that after having recived a certain amount of data, the
TLS layer is trying to renegociate, and that may not work.

Can you start the client with teh *-Djavax.net.debug=all option ?
*

That will dump a lot of debug info on the console, and that may be
helpful to understand what's going on.

If you don't want to post those info on teh mailing list, you can mail
me direcly so that we can discuss a proper way to safely send me teh infos.

-- 
Emmanuel Lecharny

Symas.com
directory.apache.org

Reply via email to