[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: SASL slurpd to multi-slaves not working (ITS#995)
Thanks for the bug reports.
Did you actually find that all LDAP/SASL calls need to be within
the lock? I suspect only ldap_interactive_sasl_bind_s() needs to be
protected. If so, the locking could be done easily moved into -lldap_r
(behind #ifdef LDAP_R_COMPILE).
At 08:17 PM 1/26/01 +0000, yenbut@cs.washington.edu wrote:
>Full_Name: Voradesh Yenbut
>Version: 2.0.7
>OS: FreeBSD 3.4
>URL: ftp://ftp.openldap.org/incoming/
>Submission from: (NULL) (128.95.2.204)
>
>
>We have replicas set up in slapd.conf similar to the following:
>
>replica host=slave1.cs.washington.edu:389
> bindmethod=sasl saslmech=GSSAPI
> authcID=master@CS.WASHINGTON.EDU
> srvtab=/etc/krb5.keytab
>
>replica host=slave2.cs.washington.edu:389
> bindmethod=sasl saslmech=GSSAPI
> authcID=master@CS.WASHINGTON.EDU
> srvtab=/etc/krb5.keytab
>
>If we have only one replica, slurpd works fine. If there are two replicas
>as set up above, slurpd will get stuck.
>
>The following patch seems to correct the problem:
>
>--- servers/slurpd/ldap_op.c 2001/01/26 01:50:44 1.1
>+++ servers/slurpd/ldap_op.c 2001/01/26 02:00:27
>@@ -611,6 +611,8 @@
> int ldrc;
> #ifdef HAVE_CYRUS_SASL
> void *defaults;
>+ static ldap_pvt_thread_mutex_t sasl_mutex; /* mutex for this sasl */
>+
> #endif
>
>
>@@ -719,6 +721,7 @@
> ri->ri_hostname, ri->ri_authcId, ri->ri_saslmech );
>
> #ifdef HAVE_CYRUS_SASL
>+ ldap_pvt_thread_mutex_lock(&sasl_mutex);
> if( ri->ri_secprops != NULL ) {
> int err;
> err = ldap_set_option(ri->ri_ldp, LDAP_OPT_X_SASL_SECPROPS,
>@@ -730,6 +733,7 @@
> ri->ri_hostname, ri->ri_secprops, NULL );
> ldap_unbind( ri->ri_ldp );
> ri->ri_ldp = NULL;
>+ ldap_pvt_thread_mutex_unlock(&sasl_mutex);
> return BIND_ERR_SASL_FAILED;
> }
> }
>@@ -745,8 +749,10 @@
> *lderr = ldrc;
> ldap_unbind( ri->ri_ldp );
> ri->ri_ldp = NULL;
>+ ldap_pvt_thread_mutex_unlock(&sasl_mutex);
> return( BIND_ERR_SASL_FAILED );
> }
>+ ldap_pvt_thread_mutex_unlock(&sasl_mutex);
> break;
> #else
> Debug( LDAP_DEBUG_ANY,