
possible bug in lber library?



I'm having a problem doing certain LDAP searches
against a Win2K DC, which I think may be due to a bug
in OpenLDAP's lber library.

I am creating a simple tool to securely list users and
groups on a Win2K DC. For this I've compiled the
latest OpenLDAP (2.1.2), with the latest Cyrus-SASL
(2.1.4), and MIT Kerberos 1.2.5. 

I use the ldapsearch tool to do my query. I have 2
flavors of searches. One which uses simple
authentication "-x", and another which uses SASL "-X".
Both searches work successfully on DCs which have a
reasonable number of groups.

Then QA came in. It seems that if someone creates
1,000 users on a DC, the secure version of my
ldapsearch fails (the simple authentication one still
works though). This is the error I get:

  # extended LDIF
  #
  # LDAPv3
  # filter: objectClass=group
  # requesting: sAMAccountName objectSID
  #
  ldap_result: Can't contact LDAP server (81)

Using a bunch of printf statements, I traced the error
to a failed call to "ber_get_next" in
libraries/libldap/result.c, which is called from
try_read1msg(). The error causes ld->ld_errno to be
assigned LDAP_SERVER_DOWN (which is not the case).

It seems as if something in the lber library can't
handle the many responses from my DC. Any thoughts as
to why? If someone can point me in the right
direction, I can try to help debug this some more.

--Dave
