[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#6383) Very Slow Query Response
--On November 18, 2009 9:39:02 AM +0000 Bill MacAllister <whm@stanford.edu>
wrote:
>> For historical note this was caused by Cyrus-sasl being built
>> incorrectly by the debian packagers when heimdal is used.
>>
>
> I don't understand why you refer to this finding as historical.
Not a historical finding. As a record for anyone who comes across this ITS
and wants to know what was found.
> If I
> am reading this correctly you and Howard have found the underlying
> cause. Now that the problem is understood can you suggest a way for
> us to cause the problem in our test environments? At this point we
> will really need to convince ourselves that the problem is indeed fixed
> before we try to deploy 2.4 in our production environment again.
To note, first off, this issue was not a bug in OpenLDAP, and the project
went beyond its scope in tracking down why cyrus-sasl was behaving the way
it was. Finding out test cases for you to explore is also beyond the scope
of the OpenLDAP project when dealing with non-OpenLDAP issues.
However, given what is known, i.e., that the NTLM code path was being
called during SASL/GSSAPI binds, I would suggest you either set up a number
of windows boxes that try and do SASL/GSSAPI auth with NTLM to a test
server, or write a script that does that and run it from multiple systems.
Some reference points:
<http://www.netid.washington.edu/documentation/ldapAuth.aspx>
It also seems it may be possible to use python-ldap to do this. I don't
know if it is possible with Net::LDAP or Net::LDAPapi
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration