Hi,
I'm using stunnel through xinetd to forward some local unencrypted ldap connections to our ssl ldap server. Seems to work ok, but after each use the stunnel process does not terminate, so I end up with lots of processes not doing anything.
After a few days, these processes reach a limit and connections fail.
As you can see, the connection has finished, but the process still exists:
[root@lynx stunnel]# ps -e | grep stunnel
 2396 ? 00:00:00 stunnel
 2517 ? 00:00:00 stunnel
 2575 ? 00:00:00 stunnel
 2576 ? 00:00:00 stunnel
[root@lynx stunnel]# netstat -p | grep stunnel
tcp 0 0 lynx.seekit.co.uk:ldaplo lynx.seekit.co.uk:60390 CLOSE_WAIT 2396/stunnel
unix 2 [ ] DGRAM 3204569 2576/stunnel
unix 2 [ ] DGRAM 3204562 2575/stunnel
unix 2 [ ] DGRAM 3203127 2517/stunnel
unix 2 [ ] DGRAM 3202108 2396/stunnel
Here's the xinetd configuration for stunnel (/etc/xinetd.d/ldaplo):
# default: on
# description: Stunnel to connect to LDAP for an insecure local session
service ldaplo
{
    disable = no
    #flags = REUSE
    port = 390
    socket_type = stream
    wait = no
    user = nobody
    server = /usr/sbin/stunnel
    server_args = /etc/stunnel/ldap.conf
    # log_on_failure += USERID
}
Here's the stunnel configuration file (/etc/stunnel/ldap.conf):
client = yes
connect = 636
Cheers,
Alex Forrow