[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#6334) hang during ldapmodify

--On Wednesday, October 21, 2009 11:51 AM -0400 Mark Dieterich 
<mkd@cs.brown.edu> wrote:

> Quanah,
>> What was the last OpenLDAP version this worked on, server side?
> After you sent me the pointer to the other ITS, I started trying various
> combinations of ldapmodify and openldap backends to see if I could
> successfully perform this update.  Unfortunately, I have yet to make it
> work.  We first noticed this problem about a five weeks ago.  At the
> time, we were running openldap on a debian etch server (openldap
> 2.3.30).  It looks like the package we were running was from late Oct.
> 2008, so I suspect this operation never would have worked in our
> environment and we just finally hit some threshold.

Ok, thanks.

So Stanford also uses SASL/GSSAPI, and is hitting a similar issue, except 
on read instead of modify.  When I take SASL/GSSAPI out of the picture, the 
search works fine.  Are you able to test doing a simple bind with the 
modify to the server and seeing if that works?

I was hoping it was some change on the 2.4 server side that caused the 
issue.  I'm able to reproduce Stanford's issue 100% on Linux systems as 
clients, going back to Heimdal 0.7.2 or MIT krb5 1.5.something, cyrus-sasl 
2.1.18->2.1.23, OpenLDAP 2.2.13->2.4.19, openssl 0.9.8a->0.9.8k, and gcc 
3.3.5->gcc 4.1.2.

However, if I use a Solaris Sparc system with SASL/GSSAPI, I never see the 
problem, regardless of Kerberos, cyrus-sasl, openssl, gcc, or openldap 



Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
Zimbra ::  the leader in open source messaging and collaboration