Connection in LDAPS lost
Connections to OpenLDAP become impossible after a random delay. It only appears with LDAPS (not with LDAP). It is reproduced on two different environments:
{noformat}
Debian 7.8
LemonLDAP::NG 1.4.4
mod perl : 2.0.7-3
Apache::Session::LDAP 0.3.1
libssl1.0.1e-2+deb7u17
{noformat}
{noformat}
CentOS 6.6
LemonLDAP::NG 1.4.5
mod_perl-2.0.4-11.el6_5.x86_64
perl-5.10.1-136.el6_6.1.x86_64
openssl-1.0.1e-30.el6.11.x86_64
Apache-Session-LDAP-0.4
{noformat}
The Lemon logs are consequences of the lost connections and do not show the real problem. For example, on Debian:
{noformat}
[error] Unable to connect to ldaps://[...]
Unable to load configuration: Lemonldap::NG::Common::Conf::LDAP loaded.\nGet configuration from cache without verification.\n
[error] Unable to create new CAS session
[Tue May 26 14:46:11 2015] [error] Session cannot be tied: Unable to connect to ldaps://...:636/ at /usr/share/perl5/Apache/Session/Store/LDAP.pm line 103.\n
[debug] CGI.pm(115): Lemonldap::NG::Portal::SharedConf: Now using configuration: 0
{noformat}
The configuration of LemonLDAP::NG in both environments is the same:
- configuration in ldaps,
- authentication in ldaps,
- sessions in ldaps,
- SAML IdP provider