(ITS#4494) connections are not asynchronous
Full_Name: Larry Morris
Submission from: (NULL) (18.104.22.168)
If I use a URL like ldaps://blah:999 to connect to an LDAP server and the LDAP
server accepts TCP connections but does not respond to the SSL handshake, the
connection will hang forever. The application is blocked while waiting for the
connection to complete.
You can simulate this failure case by running slapd, then suspend it using a
STOP signal. Any LDAP client connections attempted in this state will hang
until the server is resumed (CONT signal) or killed.
I first became aware of this problem in the 2.1.12 version, but it still exists
in the 2.3.20 version.
I have coded a partial fix for my own purposes based on the 2.3.20 version.
This fix does not handle multiple servers in a URL, and does not deal with
referrals. I would be happy to provide diffs for this if they would be useful.
The ldaps: problem highlights the underlying issue that connections are done in
a blocking/synchronous fashion. Chasing referrals will have the same issue when
a remote LDAP server does not respond to a bind in a timely fashion. It would
be OK if the connection attempts and operations never completed, but blocking
the entire application is unacceptable.
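
An added illustration, not part of the original report and not OpenLDAP code: it reproduces the condition described above (a peer that accepts TCP connections but never answers the SSL/TLS handshake) and shows a client bounding connect plus handshake with one deadline so the caller regains control. The names `stalled_listener`, `probe_tls` and `demo` are hypothetical, and the never-accepting listener is a constructed stand-in for a suspended slapd.

```python
import socket
import ssl
import time


def stalled_listener():
    """Constructed stand-in for a suspended server: the kernel completes the
    TCP handshake from the listen backlog, but nothing ever reads or replies."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))   # ephemeral port on loopback
    srv.listen(1)
    return srv                   # accept() is deliberately never called


def probe_tls(host, port, timeout):
    """Attempt TCP connect + TLS handshake under a single overall deadline.

    Returns (outcome, elapsed_seconds); outcome is "ok", "timeout" or "error".
    """
    start = time.monotonic()
    deadline = start + timeout
    ctx = ssl.create_default_context()   # certificate verification stays on
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            # The socket timeout also governs the handshake performed by
            # wrap_socket(); give it only what is left of the deadline.
            sock.settimeout(max(deadline - time.monotonic(), 0.001))
            with ctx.wrap_socket(sock, server_hostname=host):
                outcome = "ok"
    except socket.timeout:
        outcome = "timeout"              # peer never answered the ClientHello
    except (ssl.SSLError, OSError):
        outcome = "error"                # refused, reset, bad certificate, ...
    return outcome, time.monotonic() - start


def demo():
    srv = stalled_listener()
    try:
        return probe_tls("127.0.0.1", srv.getsockname()[1], timeout=1.0)
    finally:
        srv.close()


if __name__ == "__main__":
    print(demo())
```

Without the `settimeout()` call the handshake read would block indefinitely against this listener, which is the hang the report describes.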