[Date Prev][Date Next] [Chronological] [Thread] [Top]

2.1.30 slpad endless loop with DIGEST-MD5


I have a Debian Sarge system, which uses OpenLDAP 2.1.30 and Cyrus-SASL 
2.1.19. Everything works fine, for
i)  anonymous binds
ii) GSSAPI binds
with or without TLS.

However, using SASL DIGEST-MD5 (seen it with CRAM-MD5 as well, but don't want 
to use it) is likely to put the slapd thread into a mostly endless loop 
(slapd -1):

connection_get(12): got connid=0
connection_write(12): waking output for id=0

iterating to no end. In very rare cases slapd recovers and the authentication 
works successfully!

The client reports something like this:
#> ldapsearch -U mailadmin -W -b 'ou=mailbox,dc=uac,dc=mgr' -Y DIGEST-MD5
Enter LDAP Password:
SASL/DIGEST-MD5 authentication started
*** hang ***

The problem became worse, without me knowingly changing anything. In the 
beginning the problem did usually only appear with TLS. Now, it hits me in 
either way.

Any ideas where the problem may be?

Best regards,
 - lars.