[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#4042) DNS Resolver BUG in OPENLDAP

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#4042) DNS Resolver BUG in OPENLDAP
From: hyc@symas.com
Date: Tue, 27 Sep 2005 14:28:58 GMT

The 2.0.27 release is a few years old and has not been supported for 
quite a long time. Please update to a current release (2.2.28 or 2.3.7 
are the latest available) and see if the problem remains. Bugs reported 
in obsolete releases will not be investigated.

jason@robarts.ca wrote:
> Full_Name: Jason Sauve
> Version: openldap-clients-2.0.27-17
> OS: RHEL AS 3
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (198.20.37.85)
>
>
> There seems to be a bug with the openldap client library. 
>
> I have configured three LDAP servers in /etc/ldap.conf as:
>
> base dc=robarts,dc=ca
> host ldap1.robarts.ca ldap2.robarts.ca ldap3.robarts.ca
>
> However in DNS there are additional A Records that our domain ROBARTS.CA
> resolves to other than just these ldap servers mentioned above.
>
> What the ldap client library is doing overriding the host line and resolving
> ROBARTS.CA and attempting to connect to the A record returned by DNS (because
> BIND is round-robin the probability of hitting any IP is approximately equal).
> Hence it will hang for BIND_TIMELIMIT in /etc/ldap.conf as it cannot connect to
> the IP as it is not a valid LDAP server.
>
> I've turned on debugging for the client library and seen that the connect() call
> is in fact attempting to connect to the other IP's that are registered in DNS.
>
> Should the ldap.conf host line not override this behaviour? The 'easy' answer
> would be to remove the additional A records from my DNS server, but that would
> not resolve the real issue.
>
> I've also attempted to set the following instead of using the host line (to no
> avail)
>
> uri ldap://ldap1.robarts.ca/
> uri ldap://ldap2.robarts.ca/
> uri ldap://ldap3.robarts.ca/
>
> As a last resort I modified /etc/hosts and tried this also (again to no avail)
> 1.1.1.1 ROBARTS.CA ldap1.robarts.ca
> 2.2.2.2 ROBARTS.CA ldap2.robarts.ca
> 3.3.3.3 ROBARTS.CA ldap3.robarts.ca
>
> Any help would be appreciated as I suspect this is a software bug.
>
>
>
>
>   


-- 
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  OpenLDAP Core Team            http://www.openldap.org/project/

Prev by Date: Re: (ITS#4025) Ppolicy overlay: objectIdentifierMatch rule doesn't understand descriptions
Next by Date: (ITS#4045) test023-refint & sql-test000-read buglets
Index(es):
- Chronological
- Thread