[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#5363) ldapsearch hangs when using ldap for host in nsswitch

rra@stanford.edu writes:

> ldapsearch calls getaddrinfo inside a mutex because on many systems it's
> not thread-safe.  However, this means that if libnss-ldap is in use and
> pointing to LDAP for host information, we get deadlock.  ldapsearch
> calls getaddrinfo(), which calls into libnss-ldap, which tries to open a
> connection, which then hits the same lock inside the LDAP libraries.

Oh, and incidentally, if you're wondering why ldapsearch is using
libldap_r and hence getting this mutex at all, it's because of the issue
that I raised on openldap-technical (which I can also file an ITS about if
it would be appropriate).  We can't ship both libldap and libldap_r and
have some applications linked against one and some against the other
because they expose the same symbols and it's caused problems in the past.

Right now, pending advice, we're taking the easiest possible solution and
just linking everything against libldap_r.

But this particular problem probably wouldn't happen without that.  So one
solution may be to fix *that* problem, and any advice there is most
definitely welcome.  (However, I would expect any slapd backend that
itself did a search to possibly have this same issue, so fixing ldapsearch
may not fix the full problem.)

Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>