[stunnel-users] stunnel 4.16 wrapped around an ldap server causing very slow binds

Jan Meijer jan.meijer at surfnet.nl
Sun Nov 5 11:29:35 CET 2006


Hi Mark,

On Sat, 4 Nov 2006, Mark McCoy wrote:

> I have an instance of stunnel 4.16 on Solaris 10 that I am trying to
> use to wrap Sun Directory Server LDAP traffic in SSL.  LDAP 'binds'
> take over 2 minutes to complete using stunnel, but only a split second
> (as they should) when using an SSH tunnel.
>
> I have disabled tcpwrappers per the stunnel FAQ with no results, and
> tried settting delay = "yes" and "no", with no differences in the
> results.
>
> An interesting thing is that if I try to bind using the wrong
> password, the "Invalid Credentials" error returns immediately.  Using
> the correct password, the bind hangs for over 2 minutes.
>
> Any ideas on what to look for?

Unfortunately not but, a maybe silly advice towards problems solving: have
you captured and analyzed the traffic at the stunnel host's side?  Can be
quite revealing.

-- 
Jan

http://www.surfnet.nl/organisatie/jame




More information about the stunnel-users mailing list