[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#4042) DNS Resolver BUG in OPENLDAP

The 2.0.27 release is a few years old and has not been supported for 
quite a long time. Please update to a current release (2.2.28 or 2.3.7 
are the latest available) and see if the problem remains. Bugs reported 
in obsolete releases will not be investigated.

jason@robarts.ca wrote:
> Full_Name: Jason Sauve
> Version: openldap-clients-2.0.27-17
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (
> There seems to be a bug with the openldap client library. 
> I have configured three LDAP servers in /etc/ldap.conf as:
> base dc=robarts,dc=ca
> host ldap1.robarts.ca ldap2.robarts.ca ldap3.robarts.ca
> However in DNS there are additional A Records that our domain ROBARTS.CA
> resolves to other than just these ldap servers mentioned above.
> What the ldap client library is doing overriding the host line and resolving
> ROBARTS.CA and attempting to connect to the A record returned by DNS (because
> BIND is round-robin the probability of hitting any IP is approximately equal).
> Hence it will hang for BIND_TIMELIMIT in /etc/ldap.conf as it cannot connect to
> the IP as it is not a valid LDAP server.
> I've turned on debugging for the client library and seen that the connect() call
> is in fact attempting to connect to the other IP's that are registered in DNS.
> Should the ldap.conf host line not override this behaviour? The 'easy' answer
> would be to remove the additional A records from my DNS server, but that would
> not resolve the real issue.
> I've also attempted to set the following instead of using the host line (to no
> avail)
> uri ldap://ldap1.robarts.ca/
> uri ldap://ldap2.robarts.ca/
> uri ldap://ldap3.robarts.ca/
> As a last resort I modified /etc/hosts and tried this also (again to no avail)
> ROBARTS.CA ldap1.robarts.ca
> ROBARTS.CA ldap2.robarts.ca
> ROBARTS.CA ldap3.robarts.ca
> Any help would be appreciated as I suspect this is a software bug.

  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  OpenLDAP Core Team            http://www.openldap.org/project/