[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: possible bug in lber library?
I don't know of how much help it will be, but I found
where the problem in ber_get_next is occuring.
On line 482 of libraries/liblber/io.c, ber_get_next
returns LBER_DEFAULT. This causes the caller, in
result.c, to return the error previously mentioned.
Does anyone who knows the code understand why this is
happening? Is it likely a problem with OpenLDAP, or
with a bad response from my domain controller? I'll be
glad to help debug this if possible.
Thanks,
Dave
--- Dave Snoopy <kingsnoopy7@yahoo.com> wrote:
> This didn't fix the problem. I'll try to discover
> specifically why ber_get_next is failing, and post
> my
> findings. If you can think of anything else to try,
> please let me know.
>
> Thanks,
> Dave
>
> --- Howard Chu <hyc@highlandsun.com> wrote:
> > I have a sinking feeling that a recent patch to
> the
> > SASL sockbuf routines is
> > wrong. However, I've been unable to duplicate this
> > bug in my tests.
> >
> > Please try this: in libldap/cyrus.c, line 164,
> > change the line
> > if ( size > max ) {
> > to
> > if ( size > SASL_MAX_BUFF_SIZE ) {
> >
> > and rebuild OpenLDAP, then see if the problem
> > remains.
> >
> > -- Howard Chu
> > Chief Architect, Symas Corp. Director,
> > Highland Sun
> > http://www.symas.com
> > http://highlandsun.com/hyc
> > Symas: Premier OpenSource Development and
> Support
> >
> > > -----Original Message-----
> > > From: owner-openldap-software@OpenLDAP.org
> > > [mailto:owner-openldap-software@OpenLDAP.org]On
> > Behalf Of Dave Snoopy
> > > Sent: Tuesday, June 11, 2002 10:19 PM
> > > To: openldap
> > > Subject: possible bug in lber library?
> > >
> > >
> > > I'm having a problem doing certain LDAP searches
> > > against a Win2K DC, which I think may be due to
> a
> > bug
> > > in OpenLDAP's lber library.
> > >
> > > I am creating a simple tool to securely list
> users
> > and
> > > groups on a Win2K DC. For this I've compiled the
> > > latest OpenLDAP (2.1.2), with the latest
> > Cyrus-SASL
> > > (2.1.4), and MIT Kerberos 1.2.5.
> > >
> > > I use the ldapsearch tool to do my query. I have
> 2
> > > flavors of searches. One which uses simple
> > > authentication "-x", and another which uses SASL
> > "-X".
> > > Both searches work successfully on DCs which
> have
> > a
> > > reasonable number of groups.
> > >
> > > Then QA came in. It seems that if someone
> creates
> > > 1,000 users on a DC, the secure version of my
> > > ldapsearch fails (the simple authentication one
> > still
> > > works though). This is the error I get:
> > >
> > > # extended LDIF
> > > #
> > > # LDAPv3
> > > # filter: objectClass=group
> > > # requesting: sAMAccountName objectSID
> > > #
> > > ldap_result: Can't contact LDAP server (81)
> > >
> > > Using a bunch of printf statements, I traced the
> > error
> > > to a failed call to "ber_get_next" in
> > > libraries/libldap/result.c, which is called from
> > > try_read1msg(). The error causes ld->ld_errno to
> > be
> > > assigned LDAP_SERVER_DOWN (which is not the
> case).
> > >
> > > It seems as if something in the lber library
> can't
> > > handle the many responses from my DC. Any
> thoughts
> > as
> > > to why? If someone can point me in the right
> > > direction, I can try to help debug this some
> more.
> > >
> > > --Dave
> > >
> > >
> __________________________________________________
> > > Do You Yahoo!?
> > > Yahoo! - Official partner of 2002 FIFA World Cup
> > > http://fifaworldcup.yahoo.com
> >
>
>
> __________________________________________________
> Do You Yahoo!?
> Yahoo! - Official partner of 2002 FIFA World Cup
> http://fifaworldcup.yahoo.com
__________________________________________________
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com