Hide Forgot
Description of problem: Please see http://www.openldap.org/its/index.cgi/?findid=7122 for a detailed description.
Cannot reproduce steps: 1) grabbed latest openldap 2.4 branch source code from git (OPENLDAP_REL_ENG_2_4) - HEAD commit is commit 14171f88ac1a5162c0d801e071163cc1b6de8aeb Author: Quanah Gibson-Mount <quanah> Date: Tue Jan 3 12:20:15 2012 -0800 ITS#7117 2) built from source into local install directories - one version built with moznss, one built with openssl 3) setup and configured server for TLS/SSL 4) on each server, did the following: LDAPTLS_CACERT=~/save/CA/cacert.pem time bin/ldapsearch -xLLL -ZZ -H ldap://localhost.localdomain:1389/ -s base -b "" the one built with moznss yields results similar to the following: 0.00user 0.00system 0:00.02elapsed 57%CPU (0avgtext+0avgdata 15344maxresident)k 0inputs+0outputs (0major+1051minor)pagefaults 0swaps the one built with openssl yields results similar to the following: 0.02user 0.00system 0:00.04elapsed 64%CPU (0avgtext+0avgdata 17184maxresident)k 0inputs+0outputs (0major+1163minor)pagefaults 0swaps i.e. the difference is negligible Please provide more information so that we can reproduce the issue you are seeing.
The issue was reported against the OpenLDAP 2.4.23 packages as built and provided by RedHat. I fail to see how verifying this issue is fixed in a later build has any relation to a problem with the RHEL provided packages.
The RHEL 6.2 openldap package doesn't go strictly by the version of the upstream package - many of those fixes have been backported to the RHEL 6.2 openldap 2.4.23 package, but only the release tag has changed, not the 2.4.23 - so for example many openldap moznss patches went in between 2.4.23-5 and 2.4.23-19 If you look at the rpm changelog you can see that - unfortunately the changelog does not list the upstream its, so it's a bit of work to go back from the rh bz to the openldap its For example, ITS#7034 is rhbz#701678 and rhbz#709407 which was fixed in openldap-2.4.23-19.el6, which looks like it was included in the upstream openldap 2.4.28 That's why I was testing with the latest openldap releng 2.4 branch code, since, at least as far as moznss patches go, it's almost the same - and since, if I have to fix this bug, I'm going to have to eventually work backwards to the openldap 2.4 branch source code, and then to the master branch in order to format and submit an acceptable patch to the openldap its system, I figured I would save some time
Additional steps: 1) installed the openldap-servers 2.4.23-20 package on RHEL 6.2 x86_64 2) setup server and configured for TLS 3) LDAPTLS_CACERT=~/save/CA/cacert.pem time ldapsearch -xLLL -ZZ -H ldap://localhost.localdomain:1389/ -s base -b "" dn: objectClass: top objectClass: OpenLDAProotDSE 0.00user 0.00system 0:00.02elapsed 53%CPU (0avgtext+0avgdata 14608maxresident)k 0inputs+0outputs (0major+1003minor)pagefaults 0swaps ldapsearch returns immediately - same as other tests performed with source code from git 2.4 branch Please provide more information.
Close this out for now, package being used is 2.4.23-15, not 2.4.23-20. Advised customer to upgrade to current package build.