
RE: possible bug in lber library?



This didn't fix the problem. I'll try to discover
specifically why ber_get_next is failing, and post my
findings. If you can think of anything else to try,
please let me know.

Thanks,
Dave

--- Howard Chu <hyc@highlandsun.com> wrote:
> I have a sinking feeling that a recent patch to the SASL sockbuf routines is
> wrong. However, I've been unable to duplicate this bug in my tests.
> 
> Please try this: in libldap/cyrus.c, line 164,
> change the line
> 	if ( size > max ) {
> to
> 	if ( size > SASL_MAX_BUFF_SIZE ) {
> 
> and rebuild OpenLDAP, then see if the problem remains.
> 
>   -- Howard Chu
>   Chief Architect, Symas Corp.       Director, Highland Sun
>   http://www.symas.com               http://highlandsun.com/hyc
>   Symas: Premier OpenSource Development and Support
> 
> > -----Original Message-----
> > From: owner-openldap-software@OpenLDAP.org
> > [mailto:owner-openldap-software@OpenLDAP.org] On Behalf Of Dave Snoopy
> > Sent: Tuesday, June 11, 2002 10:19 PM
> > To: openldap
> > Subject: possible bug in lber library?
> >
> >
> > I'm having a problem doing certain LDAP searches
> > against a Win2K DC, which I think may be due to a bug
> > in OpenLDAP's lber library.
> >
> > I am creating a simple tool to securely list users and
> > groups on a Win2K DC. For this I've compiled the
> > latest OpenLDAP (2.1.2), with the latest Cyrus-SASL
> > (2.1.4), and MIT Kerberos 1.2.5.
> >
> > I use the ldapsearch tool to do my query. I have 2
> > flavors of searches. One which uses simple
> > authentication "-x", and another which uses SASL "-X".
> > Both searches work successfully on DCs which have a
> > reasonable number of groups.
> >
> > Then QA came in. It seems that if someone creates
> > 1,000 users on a DC, the secure version of my
> > ldapsearch fails (the simple authentication one still
> > works though). This is the error I get:
> >
> >   # extended LDIF
> >   #
> >   # LDAPv3
> >   # filter: objectClass=group
> >   # requesting: sAMAccountName objectSID
> >   #
> >   ldap_result: Can't contact LDAP server (81)
> >
> > Using a bunch of printf statements, I traced the error
> > to a failed call to "ber_get_next" in
> > libraries/libldap/result.c, which is called from
> > try_read1msg(). The error causes ld->ld_errno to be
> > assigned LDAP_SERVER_DOWN (which is not the case).
> >
> > It seems as if something in the lber library can't
> > handle the many responses from my DC. Any thoughts as
> > to why? If someone can point me in the right
> > direction, I can try to help debug this some more.
> >
> > --Dave
> >
> 

