[Date Prev][Date Next]
(ITS#5185) assertion failure in back-meta when the remote directory does not answer a bind request within the time allotted
- To: openldap-its@OpenLDAP.org
- Subject: (ITS#5185) assertion failure in back-meta when the remote directory does not answer a bind request within the time allotted
- From: email@example.com
- Date: Sat, 13 Oct 2007 02:56:34 GMT
Full_Name: Matthew Hardin
Submission from: (NULL) (220.127.116.11)
Remote directory servers that do not answer a bind request within the timeout
period will cause an assertion failure in back-meta.
The meta_back_bind() function calls either meta_back_proxy_authz_bind() if the
bind is taking place with back_meta's rootdn or meta_back_single_bind() if it's
Once they make the appropriate bind function call, each of these functions calls
meta_back_bind_op_result() to process the result of the bind. Neither
meta_back_proxy_authz_bind() or meta_back_single_bind() set the
When meta_back_bind_op_result() calls ldap_result(), one of the possible return
codes is 0, and meta_back_bind_op_result() will repeat the ldap_result() call,
provided the timeout hasn't been exceeded or back-meta has been told not to
If the wait time has been exceeded the code falls through to an
assert(LDAP_BACK_CONN_BINDING(msc)) statement. This assert is only valid when
meta_back_do_bind() has made the function call, and it will fail if either
meta_back_proxy_authz_bind() or meta_back_single_bind() made the function call.
The correct fix would seem to be to remove the assert(), since in two out of
three cases the meta_back_bind_op_result() function is being called with the
LDAP_BACK_CONN_BINDING state not set.
It is also possible to set and clear the LDAP_BACK_CONN_BINDING state as
appropriate from the other two funcions that call it, but this seems incorrect,
as the LDAP_BACK_CONN_BINDING state is only manipulated in the
meta_back_single_dobind() direct bind function.