[Date Prev][Date Next]
Re: (ITS#4042) DNS Resolver BUG in OPENLDAP
The 2.0.27 release is a few years old and has not been supported for
quite a long time. Please update to a current release (2.2.28 or 2.3.7
are the latest available) and see if the problem remains. Bugs reported
in obsolete releases will not be investigated.
> Full_Name: Jason Sauve
> Version: openldap-clients-2.0.27-17
> OS: RHEL AS 3
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (18.104.22.168)
> There seems to be a bug with the openldap client library.
> I have configured three LDAP servers in /etc/ldap.conf as:
> base dc=robarts,dc=ca
> host ldap1.robarts.ca ldap2.robarts.ca ldap3.robarts.ca
> However in DNS there are additional A Records that our domain ROBARTS.CA
> resolves to other than just these ldap servers mentioned above.
> What the ldap client library is doing overriding the host line and resolving
> ROBARTS.CA and attempting to connect to the A record returned by DNS (because
> BIND is round-robin the probability of hitting any IP is approximately equal).
> Hence it will hang for BIND_TIMELIMIT in /etc/ldap.conf as it cannot connect to
> the IP as it is not a valid LDAP server.
> I've turned on debugging for the client library and seen that the connect() call
> is in fact attempting to connect to the other IP's that are registered in DNS.
> Should the ldap.conf host line not override this behaviour? The 'easy' answer
> would be to remove the additional A records from my DNS server, but that would
> not resolve the real issue.
> I've also attempted to set the following instead of using the host line (to no
> uri ldap://ldap1.robarts.ca/
> uri ldap://ldap2.robarts.ca/
> uri ldap://ldap3.robarts.ca/
> As a last resort I modified /etc/hosts and tried this also (again to no avail)
> 22.214.171.124 ROBARTS.CA ldap1.robarts.ca
> 126.96.36.199 ROBARTS.CA ldap2.robarts.ca
> 188.8.131.52 ROBARTS.CA ldap3.robarts.ca
> Any help would be appreciated as I suspect this is a software bug.
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/