[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP 2.1 (?) on RedHat Enterprise summary

On Thursday, May 6, 2004, at 01:49 PM, Quanah Gibson-Mount wrote:
No symbol polluting. We install all the libraries into /usr/local/, and that works just fine. Note that OpenLDAP is a multi-threaded application, which is why this matters. I found that the entire application stack (openssl,cyrus-sasl,openldap) became unstable when using MIT Kerberos, even if I was simply doing anonymous binds to the OpenLDAP server.

I'm using MIT on RHE3, with my own posix mutex patch to cyrus-sasl gssapi.c.
Heavy concurrent GSSAPI connection load works fine. Without the patch,
concurrent GSSAPI connections were trouble, but isolated GSSAPI still
worked, and heavily concurrent SASL EXTERNAL access worked fine either
way. I don't know why non-GSSAPI functions would ever be compromised
by the presence of the MIT krb5 library - maybe it brings along some
unhelpful library, or maybe the damage from concurrent GSSAPI access
survives to plague some other connection, but either explanation seems
tenuous to me.

	Donn Cave, donn@u.washington.edu