
Debug mode "fixes" authentication issue - race condition?



Hi

I'm testing OpenLDAP 2.3.27 (RPM) on CentOS 5.2, used as a reverse
proxy to AD. When slapd is run with debugging disabled (or set to 0),
search requests throw the following error:

DSID-0C090627: In order to perform this operation a successful bind
must be completed on the connection.

When run with any other debug value, it returns the results correctly.
In both cases, the logs show a successful bind with the acl-bind user,
the search finds the correct result, and the ACLs show access granted to
read. The only difference is what is returned:

Non-working:
Feb 19 11:17:20 localhost slapd[2916]: conn=0 op=1 ENTRY dn="cn=neil
garratt,ou=admins,ou=users,ou=cape town,ou=networks
unlimited,dc=nu,dc=local"
Feb 19 11:17:20 localhost slapd[2916]: <= send_search_entry: conn 0 exit.
Feb 19 11:17:20 localhost slapd[2916]: send_ldap_result: conn=0 op=1 p=3
Feb 19 11:17:20 localhost slapd[2916]: send_ldap_result: err=1
matched="" text="00000000: LdapErr: DSID-0C090627, comment: In order
to perform this operation a successful bind must be completed on the
connection., data 0, vece"
Feb 19 11:17:20 localhost slapd[2916]: send_ldap_response: msgid=2 tag=101 err=1
Feb 19 11:17:20 localhost slapd[2916]: conn=0 op=1 SEARCH RESULT
tag=101 err=1 nentries=1 text=00000000: LdapErr: DSID-0C090627,
comment: In order to perform this operation a successful bind must be
completed on the connection., data 0, vece


Working:
Feb 19 11:18:42 localhost slapd[2949]: conn=0 op=1 ENTRY dn="cn=neil
garratt,ou=admins,ou=users,ou=cape town,ou=networks
unlimited,dc=nu,dc=local"
Feb 19 11:18:42 localhost slapd[2949]: <= send_search_entry: conn 0 exit.
Feb 19 11:18:42 localhost slapd[2949]: send_ldap_result: conn=0 op=1 p=3
Feb 19 11:18:42 localhost slapd[2949]: send_ldap_result: err=0
matched="" text=""
Feb 19 11:18:42 localhost slapd[2949]: send_ldap_response: msgid=2 tag=101 err=0
Feb 19 11:18:42 localhost slapd[2949]: conn=0 op=1 SEARCH RESULT
tag=101 err=0 nentries=1 text=



slapd.conf:
access to dn.base="" by * read
access to dn.base="cn=Subschema" by * read
access to *
 by self write
 by users read
 by anonymous auth

loglevel any

database ldap
suffix  "dc=nu,dc=local"
uri  "ldap://cptdc1.nu.local"
acl-bind bindmethod=simple binddn="CN=LDAP,OU=Service Accounts,DC=nu,DC=local" credentials="xxxxxxxxxxxx"
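
Added example, not part of the original post: a Python triage script for the log format quoted above that rejoins mail-wrapped records and lists searches that finished with a non-zero result code, along with whether the client's own bind on that connection had succeeded. The function names are hypothetical, and the sample log (including its tag=97 bind result lines) is constructed.

```python
import re

# Constructed sample in the stats-log format quoted in the post; the BIND
# result lines (tag=97) are constructed, and two records are mail-wrapped.
SAMPLE_LOG = """\
Feb 19 11:17:20 localhost slapd[2916]: conn=0 op=0 RESULT tag=97 err=0 text=
Feb 19 11:17:20 localhost slapd[2916]: conn=0 op=1 SEARCH RESULT
tag=101 err=1 nentries=1 text=00000000: LdapErr: DSID-0C090627,
comment: In order to perform this operation a successful bind must be
completed on the connection., data 0, vece
Feb 19 11:18:42 localhost slapd[2949]: conn=0 op=0 RESULT tag=97 err=0 text=
Feb 19 11:18:42 localhost slapd[2949]: conn=0 op=1 SEARCH RESULT
tag=101 err=0 nentries=1 text=
"""

TS = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
REC = re.compile(r"slapd\[(\d+)\]: conn=(\d+) op=(\d+) (.*)$")
RES = re.compile(r"SEARCH RESULT tag=101 err=(\d+) nentries=(\d+) text=(.*)$")


def unwrap(text):
    """Rejoin wrapped records: a line with no syslog timestamp continues the previous one."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if TS.match(line) or not records:
            records.append(line.rstrip())
        else:
            records[-1] += " " + line.strip()
    return records


def find_failed_searches(text):
    """Return searches that ended with a non-zero result code, with bind state."""
    bound, findings = set(), []
    for rec in unwrap(text):
        m = REC.search(rec)
        if not m:
            continue
        pid, conn, op, rest = m.groups()
        if rest.startswith("RESULT tag=97 err=0 "):
            bound.add((pid, conn))  # client's bind to slapd succeeded
        r = RES.match(rest)
        if r and r.group(1) != "0":
            findings.append({"pid": pid, "conn": conn, "op": op,
                             "err": int(r.group(1)), "nentries": int(r.group(2)),
                             "client_bound": (pid, conn) in bound, "text": r.group(3)})
    return findings
```

A finding with `client_bound` true and `nentries` above zero matches the symptom in the post: slapd accepted the client's bind and sent the entry, yet the final result carried the operations error.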