Ando, Well, I tried the latest RE23 code, and still ran into the same problem, ldapsearch reports err=51, you can find the complete loglevel -1 log and relevant detail bits at http://w3.gofti.com/~pfnguyen/openldap/ldapsearch-bad-meta-re23-050830.txt
Thanks. > >> -----Original Message----- > >> From: Pierangelo Masarati [mailto:[EMAIL PROTECTED] > >> Sent: Thursday, August 25, 2005 3:39 PM > >> To: Perry Nguyen > >> Cc: '[email protected] > >> Subject: Re: back-meta (Was: (ITS#3971) slapo-glue dissolving > >> after one query) > >> Perry Nguyen wrote: > >> >1, yes, this error still occurs when no gluing is going on, > >> I have the full > >> >loglevel -1 trace and commands used/input at > >> >http://w3.gofti.com/~pfnguyen/openldap/ldapsearch-bad-meta.txt > >> I haven't gone into details yet, but I believe this issue > >> with back-meta > >> may have been cured in current re23 (i.e. code candidate for > >> release as > >> next 2.3). Similar behavior was observed some time because > >> ldap_result() after asynchoronous bind was called with 0 > >> timeout, i.e. > >> for a poll. This has been reported to result in a storm of > >> pollings. I > >> wonder if you can give it a quick try. > I didn't have much time to look at your logs; however, it > appears that few > of them actually have to do expressly with back-ldap or back-meta; > significantly, all those involving ldaps:// seem to have > mostly to do with > certificate checking (I couldn't tell if on the reomte or the local > server's side). I suggest we try to work each issue out separately. > First of all you should try and set up something working (either with > back-meta or back-ldap) with plain ldap://; given the recent > improvements > in both, I'd suggest you try with the latest OpenLDAP 2.3 > code. If the > setup works as expected, you can do some more tests about > ldaps://; they > should mostly likely end up with requiring/disabling either remote > server-side or proxy-side certificate checking, based on your > requirements, and providing the appropriate configuration if > certificate > checking is required. Note that back-ldap in 2.3 also allows > to configure > the use if Start TLS and TLS propagation (i.e. proxy with TLS > only if it > was used in the connection from the client to the proxy). If > testing with > back-ldap yields positive results, I plan to extend this capability to > back-meta.
