directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Pittman, Michael" <>
Subject Re: Re: [ApacheDS] EntryCursor hangs when search ApacheDS with SSL/TLS
Date Mon, 15 May 2017 21:36:57 GMT
Thanks for the quick reply!

Do you have at least one entry?

-   Yes there are plenty of entries in the ApacheDS.

How big are the entries?

-   There are a lot of entries. Like 60+ sites (each site is an ou) and multiple role entries
per site (10+). And we are searching for roles throughout all of the sites. Each role entry
is also pretty hefty as we have attributes on the entry that define which users belong to
the role.

Also could you provide the code you use on the client side ?

-   A generic example of what it looks like when I search is:

        final String filter = <filter for finding roles>
         final EntryCursor cursor =, filter, SearchScope.SUBTREE,
       while ( //this is where is hangs after a few iterations
            Entry roleEntry = cursor.get();
            if(<some condition>)

ApacheDS version, LDAP API version and Java version?

-   ApacheDS version: ApacheDS 2.0.0-M23<>

-   LDAP API version: LDAP API 1.0.0-RC2<>

-   Java version on client machine: 1.8.0_92

-   Java version on ApacheDS machine: 1.8.0_92

Like I said before it works without ssl/tls, but hangs when we start using either ldaps or
startTls, so I know the search filter works.

>> Hi Guys,
>> I'm trying to harden my system by implementing SSL/TLS encryption between my client
>ApacheDS server. I'm running into the issue where once I use LDAPS or startTLS, then when
>I go to search ApacheDS it hangs on the I'm able to create the LdapNetworkConnection
>without any ssh handshake errors, but when I start looping through the entry cursor it
>randomly hang and never timeout. Once I go back to not using encryption everything starts
>to work again.
>> I'm using a selfsigned cert that I generated with java keytool.
>> I am using the latest versions of ApacheDS and of the Apache Ldap client API. I'm
>to provide you any information you need to help me debug this issue.
>> Any help to get me on the right track is greatly appreciated.
>do you et at least one entry ?
>How big are the entries ?
>Also could you provide the code you use on teh client side ?
>Last, not least, ApacheDS version, LDAP API version and Java version,
>please :-)
>Thanks !
>Emmanuel Lecharny


Michael Pittman
Software Engineer
Mobile: (863) 517-1910

View raw message