A couple of thing to do:
1) Check DS error log (<sever-root>/slapd-<host>/logs/access) for any
meaningful error messages.
2) Based on your description, it is possible that with the Java client
socket connections are not closed properly. You need to check the number of
open connections between the client and the server.
a) Check the DS access log (<sever-root>/slapd-<host>/logs/access) to
see if connections are getting closed properly
b) Use a utility like lsof to check for the number of socket
connections between the client and the server.
3) If Java client is not closing the connections first make sure it it is
not a coding error rather than a SDK problem.
4) Which Java SDK version are you using? You can check the java sdk version
by running
java - classpath ldapjdk.jar netscape.ldap.LDAPConnection
If you still suspect that it is a SDK problem you try the latest Java SDK
version 4.17. You need to checkout the SDK source from mozilla as it is not
available in binary form.
Miodrag
Robert Rich wrote:
> Hi,
>
> This is a long shot, but worth it.
>
> We are using the BEA WebLogic LDAPv2 Realm, which is implemented using
> the Netscape Java SDK. In order to protect passwords that are sent over
> the wire in BIND operations, we've elected to use SSL. The problem is,
> after a somewhat consistent amount of activity (15-20k queries), the
> LDAP server hangs completely (iDS 5.1sp1 on Solaris 8). The process is
> still running, and you can connect to it both cleartext and via SSL, but
> it refuses to answer queries (even cn=monitor/cn=config type queries),
> and you must kill -9 it.
>
> Obviously, the first thought isn't the Java SDK, but in a process of
> elimination, we've tested with various variables removed. So far, the
> only thing that has allowed us to continue running without hanging the
> service is to turn SSL off in the WebLogic realm configuration.
>
> I would think this is purely a problem with SSL on iDS, but at the same
> time, we have another client (using the Netscape C SDK) making 10-15
> times as many requests over SSL, with no problems. I would point at
> BEA, but the WebLogic realm implementation appears to be quite
> pedestrian, and there isn't anything that it's doing that should be able
> to hang iDS (authenticating users via simple bind and looking for group
> membership)
>
> Right as the LDAP server hangs, the last thing we see is a
> 'slapd_poll(fd) timeout' (where fd = file descriptor of BEA realm
> socket) and in the access log, the realm disconnects.
>
> We are using OpenSSL generated certs on iDS.
>
> Anyone have thoughts on this one? Support hasn't been terribly
> effective so far.
>
> Thanks
>
> Bob
