[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#6510) GSSAPI rebind proc will cause mutex deadlock

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#6510) GSSAPI rebind proc will cause mutex deadlock
From: hyc@symas.com
Date: Thu, 8 Apr 2010 22:58:07 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

inlovewithGod@gmail.com wrote:
> Full_Name: Jeremiah Martell
> Version: 2.4.21
> OS: Linux
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (192.146.101.71)
>
>
> I have three windows active directory servers setup:
> childA.parent.example.com
> parent.example.com
> childB.parent.example.com
>
> I do a LDAP+GSSAPI bind to childA.parent.example.com.
> The bind succeeds.
>
> I do a search that returns referrals, (I know I need to be referred to
> parent, and then childB in order to find my result),
> and I have openldap follow referrals for me.
>
> My rebind proc is a function that only calls:
> ldap_sasl_interactive_bind_s( ld, NULL, NULL, NULL, NULL,
> LDAP_SASL_AUTOMATIC, sasl_driver, params );
> where sasl_driver and params is the same parameters that I used for
> the initial bind call to childA.
>
> After the seach call, the debug looks like this:
>
>> ldap_chase_v3referrals, where ref[0] = parent.example.com
>     >  myGSSAPIrebindProc
>         >  ldap_sasl_interactive_bind_s
>         <  ldap_sasl_interactive_bind_s
>     <  myGSSAPIrebindProc
> <  ldap_chase_v3referrals
>
>> ldap_chase_v3referrals, where ref[0] = childB.parent.example.com
>     >  myGSSAPIrebindProc
>         >  ldap_sasl_interactive_bind_s
>             >  ldap_chase_v3referrals, where ref[0] = childA.parent.example.com
>             <  ldap_chase_v3referrals
>             >  ldap_chase_v3referrals, where ref[0] =
> ForestDnsZones.parent.example.com
>                 >  myGSSAPIrebindProc
>                     >  ldap_sasl_interactive_bind_s ... HANG ON MUTEX
>
> I changed openldap to make all mutex's recursive, and this fixed my problem. I
> was then able to search, chase referrals, bind to referrals with
> ldap_sasl_interactive_bind_s, and eventually find my result.

Sounds like your servers are mis-configured, it is not legal to send a 
referral in response to a Bind request.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

Prev by Date: Re: (ITS#6507) backglue and paged results issue
Next by Date: Re: (ITS#6510) GSSAPI rebind proc will cause mutex deadlock
Index(es):
- Chronological
- Thread