Re: ldap_set_option() performs blocking name resolution during initalization

[Howard Chu <hyc@symas.com>]

Jakub Hrozek wrote:
> On Wed, 2014-06-11 at 08:41 +0200, Jan Synacek wrote:
> > Is it intentional? If yes, could you please explain why, or point me to
> > a documentation where I can find the answer?
> >
> > A backtrace and a snippet of code follow:

> > #8  0x00007fda39c9e163 in __gethostbyname_r (
> >      name=name@entry=0x7fff2548d140 "client.example.com",
> >      resbuf=resbuf@entry=0x7fff2548d120, buffer=0x1f33590 "\177", buflen=buflen@entry=992,
> >      result=result@entry=0x7fff2548d118, h_errnop=h_errnop@entry=0x7fff2548d10c)
> >      at ../nss/getXXbyYY_r.c:266
> > #9  0x00007fda3bb1b3de in ldap_pvt_gethostbyname_a (
> >      name=name@entry=0x7fff2548d140 "client.example.com",
> >      resbuf=resbuf@entry=0x7fff2548d120, buf=buf@entry=0x7fff2548d110,
> >      result=result@entry=0x7fff2548d118, herrno_ptr=herrno_ptr@entry=0x7fff2548d10c)
> >      at util-int.c:350
> > #10 0x00007fda3bb1b5d0 in ldap_pvt_get_fqdn (name=0x7fff2548d140 "client.example.com",
> >      name@entry=0x0) at util-int.c:748
> > #11 0x00007fda3bb19b47 in ldap_int_initialize (
> >      gopts=gopts@entry=0x7fda3bd40000 <ldap_int_global_options>, dbglvl=dbglvl@entry=0x0)
> >      at init.c:645
> > #12 0x00007fda3bb1a627 in ldap_set_option (ld=0x0, option=24582, invalue=0x7fff2548d2b0)
> >      at options.c:446
> > #13 0x00007fda30951cf6 in setup_tls_config (basic_opts=0x1f30450)
> >      at src/providers/ldap/sdap.c:533
> > #14 0x00007fda308214b3 in ldap_id_init_internal (bectx=0x1f12b40, ops=0x1f12cb0,
> >      pvt_data=0x7fff2548d5e8) at src/providers/ldap/ldap_init.c:146
> > #15 0x00007fda30821ba0 in sssm_ldap_id_init (bectx=0x1f12b40, ops=0x1f12cb0,
> >      pvt_data=0x1f12cb8) at src/providers/ldap/ldap_init.c:199
> > #16 0x000000000041b227 in load_backend_module (ctx=0x1f12b40, bet_type=BET_ID,
> >      bet_info=0x1f12ca8, default_mod_name=0x0) at src/providers/data_provider_be.c:2346
> > #17 0x000000000041ce4c in be_process_init (mem_ctx=0x1f0ba80,
> >      be_domain=0x1f093f0 "localipaldap", ev=0x1f0a630, cdb=0x1f0bb90)
> >      at src/providers/data_provider_be.c:2520
> > #18 0x000000000041fde6 in main (argc=3, argv=0x7fff2548e008)
> >      at src/providers/data_provider_be.c:2743
> >
> >   735         /* LDAP_OPT_X_TLS_REQUIRE_CERT has to be set as a global option,
> >   736          * because the SSL/TLS context is initialized from this value. */
> >   737         ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT,
> >   738                               &ldap_opt_x_tls_require_cert);
> >   739         if (ret != LDAP_OPT_SUCCESS) {
> >   740             DEBUG(SSSDBG_CRIT_FAILURE,
> >   741                   "ldap_set_option failed: %s\n",sss_ldap_err2string(ret));
> >   742             return EIO;
> >   743         }
> >
> > Thanks,
>
> Hi,
>
> I already replied on the 18th, but I sent the mail to Jan only by
> accident. I'm copying my previous reply below:
>
> FWIW, the backtrace comes from the SSSD. Only frames #14 and up are
> really relevant.
>
> Since SSSD is often used in some kind of offline mode (either
> completely offline or just not connected to the VPN), startup should
> in my opinion be non-blocking.
>
> Could there maybe be an option to pass in the hostname during
> initialization instead of having openldap figure it out? I'm fine with
> contributing a patch, if we agree on what the direction should be.

Put the hostname in /etc/hosts, end of story.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/