Re: Slapd crashing again, three different reasons?

[Daniel Henninger <daniel@ncsu.edu>]

> --On April 30, 2007 9:58:07 AM -0400 Daniel Henninger  
> <daniel@ncsu.edu> wrote:
>
> > Hi folk,
> >
> > First off, let me say that per our last conversation about this, I  
> > have
> > not yet rebuild cyrus-sasl/openldap against a different Kerberos  
> > dist.
> > (I was going to build against 1.5.. right now I'm at 1.2.8.. we  
> > tend to
> > steer clear of Heimdal)  Anyway, on April 28th, at 12:05AM, all  
> > three of
> > our slave servers' slapds died.  All for apparently different  
> > reasons:
>
>
> Why do you "steer clear" of Heimdal for linking the server  
> libraries against?  In any case, MIT Krb5 1.2 is known to not be  
> thread safe.

History.  In the past when I had tried to use heimdal with something  
else it caused a wealth of problems.  That may not be the case now,  
but I don't really see the point in using multiple implementations of  
Kerberos if I can avoid it so I have never gone back to reevaluate.  =)

So that's what the problem is with 1.2?  Not thread safe?  Ok.   
That's good to know!

> > Now, the second one is most likely the "recompile it against a  
> > different Kerberos" issue.  However, the last seems to be directly  
> > SSL related and
> > the first ... I have no idea about the first.  We have openldap built
> > against openssl 0.9.7i.
>
> Never had an issue with OpenSSL like you are seeing.

Hrm.  What version are you built against?

> > Any suggestions?  =(  I know many of you are running this under  
> > Solaris.
> > Anyone had any particular problems doing so?
>
> Never saw any.

Hrm.  I can't help but think I may have something configured around  
at the kernel level (/etc/system) but I don't see anything in  
particular that I may have done wrong there.  I'll at least try to  
narrow down away from the kerberos issues soonish.  It's just weird  
that all three croaked at the same time.  =)

Thanks!

Daniel