
Re: (ITS#6827) SSL Unbind Hangs



> Full_Name: Jason Colonno
> Version: 2.4.23-0ubuntu3.4
> OS: Ubuntu 10.10
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (76.1.229.99)
>
>
> When binding with an AD server using SSL, ldap functions work properly; however,
> when the unbind function is called it hangs indefinitely. The point of the
> function is to reset a user's passwords.
>
> AD Server is Windows Server 2008 R2. Ldp.exe testing of connecting with the
> server does not have this problem since it does not use python-ldap.
>
> Sample Code:
>            bind_str = "ldaps://" + domain_controller + ":636/"
>            l = ldap.initialize(bind_str)
>            l.set_option( ldap.OPT_X_TLS_DEMAND, True )
>            l.set_option( ldap.OPT_DEBUG_LEVEL, 255 )
>            bind_str = "cn=" + binding_username + ",cn=Users,dc=" + domain_dc + ",dc=" + domain_ext
>            l.simple_bind_s(bind_str, binding_password)
>            new_gen_passwd = generate_temp_pw()
>            unicode1 = unicode("\"" + new_gen_passwd + "\"", "iso-8859-1")
>            unicode2 = unicode1.encode("utf-16-le")
>            new_password = unicode2
>            mod_attrs = [(ldap.MOD_REPLACE, 'unicodePwd', new_password)]
>            l.modify_s(username, mod_attrs)
>            l.unbind_s()
>
> Also a simple SSL bind and unbind without any modifications to the AD yields
> the same hanging problem.

So far I don't see OpenLDAP specific issues here (assuming python-ldap is
linked to OpenLDAP's client library).  You can try the same operation
using ldapmodify(1) and see if you can reproduce the problem using client
tools.  If you can't, the problem is likely unrelated to OpenLDAP. 
Otherwise, you should check whether it's python-ldap or AD specific. 
Unless you can narrow down the problem to libldap or OpenLDAP specific
code, the issue does not belong to us.

p.
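
One way to run the check suggested above with ldapmodify(1), as an added example that is not part of the original thread: it builds the LDIF equivalent of the reporter's `modify_s` call and runs the client tool under a timeout, so a stall is reported as a hang instead of blocking forever. It is written for Python 3 (the reporter's sample is Python 2); the host name, DNs, file names and helper names are constructed placeholders.

```python
import base64
import os
import subprocess

def encode_unicode_pwd(password):
    """unicodePwd value as in the report: quoted password, UTF-16LE."""
    return ('"' + password + '"').encode("utf-16-le")

def build_ldif(user_dn, password):
    """LDIF change record equivalent to the MOD_REPLACE in the report.
    Assumes an ASCII DN; '::' marks the value as base64."""
    b64 = base64.b64encode(encode_unicode_pwd(password)).decode("ascii")
    return ("dn: %s\nchangetype: modify\nreplace: unicodePwd\n"
            "unicodePwd:: %s\n-\n" % (user_dn, b64))

def ldapmodify_argv(uri, bind_dn, pw_file, ldif_file):
    """-x simple bind, -H URI, -D bind DN, -f LDIF input, -y bind password
    file (its complete contents are used, so no trailing newline)."""
    return ["ldapmodify", "-x", "-H", uri, "-D", bind_dn,
            "-y", pw_file, "-f", ldif_file]

def run_with_timeout(argv, seconds=30):
    """Return 'ok', 'error' or 'hang' for one client-tool run."""
    # LDAPTLS_REQCERT=demand makes libldap require a valid server certificate.
    env = dict(os.environ, LDAPTLS_REQCERT="demand")
    try:
        proc = subprocess.run(argv, env=env, stdout=subprocess.PIPE,
                              stderr=subprocess.PIPE, timeout=seconds)
    except subprocess.TimeoutExpired:
        return "hang"   # the child is killed; the tool never finished
    return "ok" if proc.returncode == 0 else "error"

if __name__ == "__main__":
    # Constructed placeholder values, not taken from the report.
    print(build_ldif("cn=Test User,cn=Users,dc=example,dc=com", "Temp-Pw-1"))
    print(" ".join(ldapmodify_argv("ldaps://dc01.example.com:636/",
                                   "cn=binder,cn=Users,dc=example,dc=com",
                                   "bind.pw", "reset.ldif")))
    # After writing the LDIF and password files, call run_with_timeout() on
    # that argv: 'hang' means the stall reproduces without python-ldap.
```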