SSL LDAP connection caching problem (was Re: [exim] LDAP con…

Author: John Dalbec
Date:  
To: exim-users
Old-Topics: Re: [exim] LDAP connection caching problem?
Subject: SSL LDAP connection caching problem (was Re: [exim] LDAP connection caching problem?)

I wrote a Perl script to test this. It opens an LDAP connection and binds to
the directory. It forks a child that runs a search then sleeps for a while.
The parent sleeps to allow the child search to complete, then forks a second
child that runs the same search and then sleeps for a while. If I set up the
LDAP connection unencrypted, the script runs fine. If I set up the LDAP
connection encrypted, the second search gets an I/O error.

I think a reasonable workaround is if Exim caches the PID along with the other
connection information for encrypted connections and then uses the encrypted
connection only with that PID. Does anyone have a better idea?

Looking at the source code I don't see an easy way to determine whether a
connection is encrypted since LDAP_OPT_X_TLS_TRY seems to be the default. Is
there an easy way to determine this? Does TRY actually mean don't bother
encrypting?

Thanks,
John
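
The workaround proposed in the message above, sketched as an added example in C (not part of the original post and not Exim's code): a connection cache that records the creating PID and offers an encrypted entry only to that PID, while unencrypted entries stay reusable after fork(). The struct, function names, host name and ports are hypothetical, and no real LDAP library is called.

```c
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical cache entry; names are illustrative, not Exim's. */
struct ldap_conn {
    char  host[64];
    int   port;
    int   is_tls;     /* connection was set up encrypted */
    pid_t owner_pid;  /* process that opened it; 0 marks a free slot */
};
#define SLOTS 4
static struct ldap_conn cache[SLOTS];

/* Record a connection opened by the calling process. */
static struct ldap_conn *cache_add(const char *host, int port, int is_tls) {
    for (int i = 0; i < SLOTS; i++) {
        struct ldap_conn *c = &cache[i];
        if (c->owner_pid) continue;
        snprintf(c->host, sizeof c->host, "%s", host);
        c->port = port;
        c->is_tls = is_tls;
        c->owner_pid = getpid();
        return c;
    }
    return NULL;
}

/* Return a reusable entry, or NULL if the caller must open its own.
   An encrypted entry is offered only to the PID that created it. */
static struct ldap_conn *cache_lookup(const char *host, int port) {
    for (int i = 0; i < SLOTS; i++) {
        struct ldap_conn *c = &cache[i];
        if (!c->owner_pid || c->port != port || strcmp(c->host, host) != 0)
            continue;
        if (c->is_tls && c->owner_pid != getpid()) continue;
        return c;
    }
    return NULL;
}

/* Fork a child; return 1 if it was offered the cached entry, 0 if not. */
static int child_gets_cached(const char *host, int port) {
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) _exit(cache_lookup(host, port) != NULL);
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```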