
Issues with SSL/TLS + GSSAPI when modifying uniqueMember attribute (bug???)


With OpenLDAP + TLS/SSL + GSSAPI, trying to modify the value of the multivalued attribute uniqueMember to ["uid=user1,ou=People,dc=example,dc=com", "uid=user2,ou=People,dc=example,dc=com", "uid=user3,ou=People,dc=example,dc=com", ...] hangs when the number of members crosses 398. If instead of user1, user2, user3, ... I use usr1, usr2, usr3, ... then it also hangs, but that is when the number of members crosses 408. Further, using u1, u2, u3, ... it hangs when the number of members crosses 430. I couldn't figure out the reason for this behaviour.

Either way, the solution to the problem seemed to be setting maxssf to 0. Below is an example command showing how I used this property:

$ LDAPSASL_SECPROPS="maxssf=0" LDAPTLS_CACERT=/etc/ssl/certs/rootcacert-dbs.example.com.pem ldapmodify -H "ldap://dbs.example.com" -Y GSSAPI -f data.ldif -ZZ

Is the hanging anticipated behaviour? Is setting maxssf=0 the proper solution or is there a better solution?
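
Added example, not part of the original post: a Python calculation of how many bytes the uniqueMember values occupy at each of the three reported limits, to check whether the hang tracks request size rather than member count. It assumes members are numbered consecutively from 1 and counts only each value's BER OCTET STRING encoding (not the rest of the LDAP message or the GSSAPI wrapping); the function names are hypothetical.

```python
"""Size of the uniqueMember values at the limits reported in the post."""

SUFFIX = "ou=People,dc=example,dc=com"   # base DN taken from the post
TLS_MAX_RECORD = 2 ** 14                 # TLS maximum record plaintext size in bytes

# prefix -> member count beyond which the modify hangs, per the post
REPORTED_LIMITS = {"user": 398, "usr": 408, "u": 430}


def ber_octet_string_len(value: bytes) -> int:
    """Length of a BER OCTET STRING: tag + length octets + content."""
    n = len(value)
    if n < 128:
        return 2 + n                      # short-form length (one octet)
    length_octets = (n.bit_length() + 7) // 8
    return 2 + length_octets + n          # long-form length


def values_size(prefix: str, count: int) -> int:
    """Bytes used by the values uid=<prefix>1 .. uid=<prefix><count>."""
    # Assumption: members are numbered consecutively from 1.
    return sum(
        ber_octet_string_len(f"uid={prefix}{i},{SUFFIX}".encode())
        for i in range(1, count + 1)
    )


def report() -> dict:
    """Map each prefix to (bytes at the limit, bytes with one more member)."""
    return {
        p: (values_size(p, n), values_size(p, n + 1))
        for p, n in REPORTED_LIMITS.items()
    }


if __name__ == "__main__":
    for prefix, (at_limit, over) in report().items():
        print(f"{prefix:5} limit={REPORTED_LIMITS[prefix]:3} "
              f"values={at_limit} B, +1 member={over} B, "
              f"headroom to 2^14={TLS_MAX_RECORD - over} B")
```

All three limits land within about 20 bytes of each other, just under 16384 bytes, which is consistent with a byte-size threshold near the TLS record limit rather than a member-count limit; this is an observation from the arithmetic, not a confirmed diagnosis.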