
Re: SASL slurpd to multi-slaves not working (ITS#995)



Thanks for the bug reports.

Did you actually find that all LDAP/SASL calls need to be within
the lock?  I suspect only ldap_interactive_sasl_bind_s() needs to be
protected.  If so, the locking could easily be moved into -lldap_r
(behind #ifdef LDAP_R_COMPILE).

At 08:17 PM 1/26/01 +0000, yenbut@cs.washington.edu wrote:
>Full_Name: Voradesh Yenbut
>Version: 2.0.7
>OS: FreeBSD 3.4
>URL: ftp://ftp.openldap.org/incoming/
>Submission from: (NULL) (128.95.2.204)
>
>
>We have replicas set up in slapd.conf similar to the following:
>
>replica         host=slave1.cs.washington.edu:389
>                bindmethod=sasl saslmech=GSSAPI
>                authcID=master@CS.WASHINGTON.EDU
>                srvtab=/etc/krb5.keytab
>
>replica         host=slave2.cs.washington.edu:389
>                bindmethod=sasl saslmech=GSSAPI
>                authcID=master@CS.WASHINGTON.EDU
>                srvtab=/etc/krb5.keytab
>
>If we have only one replica, slurpd works fine.  If there are two replicas
>as set up above, slurpd will get stuck.
>
>The following patch seems to correct the problem:
>
>--- servers/slurpd/ldap_op.c    2001/01/26 01:50:44     1.1
>+++ servers/slurpd/ldap_op.c    2001/01/26 02:00:27
>@@ -611,6 +611,8 @@
>     int                ldrc;
> #ifdef HAVE_CYRUS_SASL
>        void *defaults;
>+       static  ldap_pvt_thread_mutex_t  sasl_mutex; /* mutex for this sasl */
>+
> #endif
> 
> 
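Review bot: sasl_mutex is declared static at the top of the function, but nothing in this patch calls ldap_pvt_thread_mutex_init() on it before the first ldap_pvt_thread_mutex_lock() in the next hunk. A zero-filled static is not guaranteed to be a valid mutex on every thread backend, so move the mutex to file scope (or a shared global) and initialize it once at startup before any replica thread can reach this code. The comment "mutex for this sasl" should also state what the mutex protects.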
>@@ -719,6 +721,7 @@
>                ri->ri_hostname, ri->ri_authcId, ri->ri_saslmech );
> 
> #ifdef HAVE_CYRUS_SASL
>+       ldap_pvt_thread_mutex_lock(&sasl_mutex);
>        if( ri->ri_secprops != NULL ) {
>                int err;
>                err = ldap_set_option(ri->ri_ldp, LDAP_OPT_X_SASL_SECPROPS,
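Review bot: the lock is taken before the ri_secprops check, so it covers ldap_set_option() as well as the bind, and every exit path from this point on has to release it by hand. If only the SASL bind call needs serializing, take the lock immediately before that call and release it right after it returns; that would also remove the need for the unlock in the secprops error return.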
>@@ -730,6 +733,7 @@
>                                ri->ri_hostname, ri->ri_secprops, NULL );
>                        ldap_unbind( ri->ri_ldp );
>                        ri->ri_ldp = NULL;
>+                       ldap_pvt_thread_mutex_unlock(&sasl_mutex);
>                        return BIND_ERR_SASL_FAILED;
>                }
>        }
>@@ -745,8 +749,10 @@
>                *lderr = ldrc;
>                ldap_unbind( ri->ri_ldp );
>                ri->ri_ldp = NULL;
>+               ldap_pvt_thread_mutex_unlock(&sasl_mutex);
>                return( BIND_ERR_SASL_FAILED );
>        }
>+       ldap_pvt_thread_mutex_unlock(&sasl_mutex);
>        break;
> #else
>        Debug( LDAP_DEBUG_ANY,
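Review bot: in the failure branch the unlock comes after ldap_unbind(), so the connection teardown runs while other threads are blocked on sasl_mutex, and the unlock is now repeated at three separate sites across these hunks. Keep the bind result in ldrc, unlock once directly after the bind call, and do the ldap_unbind() and return outside the lock; a single unlock site is much harder to miss when another return path is added later.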