
Re: Re commit: ldap/libraries/libldap sasl.c



On Friday 15 October 2010 14:02:27 Howard Chu wrote:
> Howard Chu wrote:
> > Ralf Haferkamp wrote:
[..]
> >>> Please review and comment, thanks.
> >> 
> >> It seems that SASL/GSSAPI binds broke somehow. At least for me
> >> ldapsearch from current HEAD hangs in ldap_int_select(). I have
> >> 2.4.23 on the server side. Here is the end of ldapsearch's debug output:
> > 
> > Thanks, I suspected that might happen. I only tested DIGEST-MD5 and
> > EXTERNAL so far. Will look into it shortly.
> 
> All working for me now.
Same here. Thanks.
 
> > Looking at it again, it strikes me that perhaps this restructuring
> > was an exercise in futility. The ldap_host_connected_to() function
> > can block doing a DNS lookup, and also the GSSAPI mechanism can
> > block while obtaining a service ticket. (In addition to any
> > blocking during ldap_pvt_sasl_getmechs()...) As such, it would need
> > a lot more work to make it fully asynchronous. We could create the
> > infrastructure needed to make ldap_host_connected_to() and
> > ldap_pvt_sasl_getmechs() fully asynch, but we have no such control
> > over the SASL mechanisms.
> 
> Still dunno what to do with this. Is it better than nothing?
I'd think so, yes. AFAIK we do have similar issues with StartTLS as well, 
don't we? Ok, ldap_start_tls() seems to be completely async, but one needs 
to call ldap_install_tls() after that, and that again might block 
somewhere in the underlying openssl/gnutls/moznss libraries.

Ralf

-- 
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)