directory-users mailing list archives

From Serge Pouliquen <sp31...@free.fr>
Subject Re: apache DS + thunderbird : issue with TLS, while clear is functional
Date Mon, 06 Nov 2017 19:46:45 GMT
Hi,

 > are you trying to get autocomplete to work with ldap on thunderbird?
yes

 > directory server in thunderbird?
yes

 > i am using a letsencrypt certificate
you probably have a dedicated or real server.

I'm using my workstation to host apache ds.
Currently, I'm suspecting apache ds of answering too fast and 
thunderbird may have an issue with a too fast connection.
Using thunderbird to connect to a localhost service is not the regular case.
In my last message, I was reporting that by emulating a network (and not 
localhost), it was functional with the same software settings 
(thunderbird and apache ds).

Regards,
Serge



On 06/11/17 19:25, Matthew Broadhead wrote:
> hi, i haven't read the entire thread but are you trying to get 
> autocomplete to work with ldap on thunderbird?  i am using a 
> letsencrypt certificate on apache ds without problem.  did you do 
> preferences -> composition -> addressing -> directory server in 
> thunderbird?
>
> On 06/11/2017 19:19, Serge Pouliquen wrote:
>> Hi,
>>
>> I reply on my own message.
>>
>> I made additional tests.
>> I generated a new certificate for a server called 'testldap' and placed 
>> an exception in thunderbird in order to have it valid in thunderbird.
>>
>> steps to reproduce : start computer, start thunderbird, open compose 
>> window, type some letters in recipient field in order to 
>> auto-complete with ldap search
>>
>> test1 : testldap is set to 127.0.0.1 (in /etc/hosts)
>>  -> result is no auto complete on the first request (after stop start 
>> thunderbird, ldap auto-complete is fine)
>>
>> test2 : testldap is set (in /etc/hosts) to isp router and isp router 
>> is set to redirect port to the computer
>>  -> result is auto complete is functional on the first request (and 
>> future ones)
>> I identified that auto complete takes really longer to display proposed 
>> addresses
>>
>> My apache ds instance is requested with localhost and the filesystem 
>> for apache ds is a ramdisk. So it's really fast, almost instant.
>>
>> I don't really believe that a bug report like that will be processed 
>> by thunderbird developers.
>> Do you have any idea to improve my bug report ?
>>
>> Is there an option to slow or delay apache ds ?
>> Ideally only the first request from a client.
>> Do you think it is possible to do something like that with an interceptor ?
>> (http://directory.apache.org/apacheds/advanced-ug/6-implementing-interceptor.html)
>>
>>
>> I still find that strange.
>> Regards,
>> Serge
>>
>>
>> On 06/11/17 00:20, Serge Pouliquen wrote:
>>> Hi,
>>>
>>> When trying with thunderbird log, I noticed that the first 
>>> auto-complete request was producing logs on apache ds (with 
>>> -Djavax.net.debug=all) and not the later ones.
>>> I suspected my certificate (generated by me with my own CA). I tried 
>>> a certificate generated with the tuto from apache ds website. It 
>>> looks like auto-complete is more frequent.
>>> http://directory.apache.org/apacheds/basic-ug/3.3-enabling-ssl.html#in-case-you-want-to-use-an-external-keystore
>>>
>>>
>>> With the certificate generated according to apache ds website, I can 
>>> stop/start thunderbird and apacheds in almost any order, it will 
>>> still autocomplete once auto-complete has succeeded. The only way I found 
>>> to have the issue back is to restart the computer or restart apache 
>>> ds while thunderbird is still running (thunderbird restart will 
>>> restore auto complete back). It looks like a cache is cleaned on 
>>> restart (amazing question to find which one...) or ldap connections 
>>> are not inited again on failed status (maybe a feature).
>>>
>>>
>>> I still don't know what the root cause of the issue is but it looks related 
>>> to or interfered with by data in the certificate.
>>> The first request may ask for some resource, not provided in time. So 
>>> the current request is considered timed out, the connection is considered 
>>> failed. But the resources are loaded.
>>> Future requests may fail if based on the failed connection (that may 
>>> be the reason why I wasn't seeing any traffic on the network) or 
>>> succeed if a new connection is inited (with resources in a cache). I 
>>> don't know how I can check the above.
>>> In thunderbird, the address book window and auto-complete may not be 
>>> processing requests the same way.
>>>
>>> Below, there are some logs (I didn't notice any issue, but I may be 
>>> wrong)
>>>
>>> Is someone using a certificate made by a similar command (apache ds 
>>> tuto) with thunderbird without issue ?
>>>
>>> Is it possible that localhost is so fast that it produces errors 
>>> that are not visible in the real network world ?
>>>
>>> Thanks for the previous suggestions, it helps me to move a bit forward,
>>>
>>> Serge
>>>
>>>
>>>
>>> On 05/11/17 00:02, Emmanuel Lécharny wrote:
>>>> On 04/11/2017 at 19:57, Jason wrote:
>>>>> If you are using the auto generated self signed certificates try a 
>>>>> version
>>>>> 1.7 jvm or generate your own certs. I think the DS selfsigned 
>>>>> certs are not
>>>>> created correctly in a 1.8 Jvm due to changes in supported crypto
>>>>> algorithms.
>>>> You can change the self-signed certificate. It's provided for
>>>> convenience only.
>>>>
>>>> We may generate a new one for Java 8 in a later release.
>>>>
>>>
>>
>

