[rhelv6-list] Intermittent Mozilla NSS/LDAP client failures in PHP
Rich Graves
rgraves at carleton.edu
Mon Sep 12 01:51:40 UTC 2011
This is resolved by yum downgrade on the clients to openldap-2.4.19-15.el6_0.2.x86_64, the last version before Red Hat decided to change from OpenLDAP to Mozilla NSS for SSL support.
To reproduce:
Fully patched RHEL 6.1 Xen VM on top of RHEL5 2.6.18-238.12.1.el5xen and xen-3.0.3-120.el5_6.2.
Configure httpd.conf with default prefork MPM settings.
<IfModule prefork.c>
    StartServers 8
    MinSpareServers 5
    MaxSpareServers 20
</IfModule>
Hit ldaptest.php, below, and wait for it to fail. It won't take long.
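<?php
// Show which prefork child handled this request.
echo "Using process id " . getmypid() . "<p>";

// Request counter carried in the query string; cast to int before echoing it back.
$count = isset($_GET['count']) ? (int)$_GET['count'] + 1 : 1;

// Turn on libldap debug output.
ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);

$ldapconn = ldap_connect("ldaps://ldapserver1/ ldaps://ldapserver2/")
    or die("Could not connect to LDAP server.");

// Anonymous bind over ldaps://.
$ldapbind = ldap_bind($ldapconn);
if ($ldapbind) {
    // echo "LDAP bind successful...";
    ldap_close($ldapconn);
} else {
    // Fetch the error text before closing the connection.
    $errormsg = ldap_error($ldapconn);
    echo "LDAP bind failed... $errormsg<br>";
    ldap_close($ldapconn);
    exit();
}

usleep(50000);
// Reload the page to run the test again (URL as posted).
echo "<script language=\"javascript\">location.replace(\"https://ldaptest.php?count=$count\");</script>";
?>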