[Date Prev][Date Next]
Re: (ITS#4658) syncrepl hangup if using gssapi auth
> Full_Name: Allan E. Johannesen
> Version: 2.3.27
> OS: Linux EL 4
> Submission from: (NULL) (220.127.116.11)
> I'm using cyrus sasl 2.1.21 which may be significant.
> I found that syncrepl refreshAndPersist would stop working once the initial
> ticket expired, although I had a process renewing the ticket. Using -d-1 on the
> server, I saw this:
> SASL [conn=11] Failure: GSSAPI Error: The context has expired (No error)
> sb_sasl_write: failed to encode packet: generic failure
> ldap_write: want=11219 error=Input/output error
> ber_flush failed errno=5 reason="Input/output error"
> connection_closing: readying conn=11 sd=14 for close
> The slave would see no further updates after that.
> I noticed that although the connection was "readied" for close, it never
> I'm not suggesting the fix above, but it appears that the master doesn't get
> into a condition where the "ready to close" connection is really closed.
Right, the usual cleanup path doesn't occur because persistent search
operations are outside the normal flow of control. However, if you have
an idletimeout set, the connection will get closed after the timeout.
The idletimeout handler ignores connections with active operations,
including persistent search operations. But after the write failure and
connection_closing, there will be no active operations on that
connection, so the idletimeout handler will eventually close it down.
I don't think we can close it immediately; there may be other
outstanding operations on the connection that need to be given time to
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/