Re: (ITS#4658) syncrepl hangup if using gssapi auth

[hyc@symas.com]

aej@wpi.edu wrote:
> Full_Name: Allan E. Johannesen
> Version: 2.3.27
> OS: Linux EL 4
> URL: 
> Submission from: (NULL) (130.215.24.208)
> 
> 
> I'm using cyrus sasl 2.1.21 which may be significant.
> 
> I found that syncrepl refreshAndPersist would stop working once the initial
> ticket expired, although I had a process renewing the ticket.  Using -d-1 on the
> server, I saw this: 
> 
> SASL [conn=11] Failure: GSSAPI Error: The context has expired (No error)
> sb_sasl_write: failed to encode packet: generic failure
> ldap_write: want=11219 error=Input/output error
> ber_flush failed errno=5 reason="Input/output error"
> connection_closing: readying conn=11 sd=14 for close
> 
> The slave would see no further updates after that.
> 
> I noticed that although the connection was "readied" for close, it never
> closed.

> I'm not suggesting the fix above, but it appears that the master doesn't get
> into a condition where the "ready to close" connection is really closed.

Right, the usual cleanup path doesn't occur because persistent search 
operations are outside the normal flow of control. However, if you have 
an idletimeout set, the connection will get closed after the timeout.

The idletimeout handler ignores connections with active operations, 
including persistent search operations. But after the write failure and 
connection_closing, there will be no active operations on that 
connection, so the idletimeout handler will eventually close it down.

I don't think we can close it immediately; there may be other 
outstanding operations on the connection that need to be given time to 
clean up.

-- 
   -- Howard Chu
   Chief Architect, Symas Corp.  http://www.symas.com
   Director, Highland Sun        http://highlandsun.com/hyc
   OpenLDAP Core Team            http://www.openldap.org/project/