[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#6056) Samba4 breaks OpenLDAP over ldapi

Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Tue, 2009-05-26 at 04:26 -0700, Howard Chu wrote:
> abartlet@samba.org wrote:
> > Full_Name: Andrew Bartlett
> > Version: CVS HEAD
> > OS: Fedora 10
> > URL: ftp://ftp.openldap.org/incoming/
> > Submission from: (NULL) (
> >
> >
> > Samba4's provision and 'make test' seems to create some internal situat=
ion in
> > OpenLDAP slapd where it will not accept any more connections over ldapi=
> >
> > This is best seen by building Samba4, and running
> >
> > TEST_LDAP=3Dyes OPENLDAP_ROOT=3D/usr/local make test
> >
> > The slapd does not crash, but simply stops accepting new connections.  =
> > currently then crashes due to some other bug (the LDAP backend not resp=
onding is
> > clearly untested code in Samba4).
> >
> > It isn't a Samba4 client bug, as ldapsearch also fails to respond.
> >
> > This seems very, very similar to ITS#5261
> Further testing with Andrew's kvm image shows the hang only occurs when C=
> SASL's libsasldb2.so plugin is present. I always remove that plugin from =
> installs, since I only use in-directory SASL secrets. That's probably why=
> wasn't seeing the reported behavior before.

Very interesting result!

> Also a note - it's still not clear we've been talking about the same thin=
g up=20
> to this point. Even when the samba test suite hangs, I see that ldapsearc=
> still works fine against slapd. At any rate, currently all of the samba4 =
> pass for me.

Samba4 always uses SASL credentials these days (trying to avoid simple
binds).  Perhaps it's time to investigate EXTERNAL if it would avoid
some of this pain (but we should also try and fix the real bug here, if
at all possible). =20

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.                  http://redhat.com

Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part

Version: GnuPG v1.4.9 (GNU/Linux)