[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: OpenLDAP 2.1 (?) on RedHat Enterprise summary
On Thursday, May 6, 2004, at 01:49 PM, Quanah Gibson-Mount wrote:
...
No symbol polluting.  We install all the libraries into /usr/local/, 
and that works just fine.  Note that OpenLDAP is a multi-threaded 
application, which is why this matters.  I found that the entire 
application stack (openssl,cyrus-sasl,openldap) became unstable when 
using MIT Kerberos, even if I was simply doing anonymous binds to the 
OpenLDAP server.
I'm using MIT on RHE3, with my own posix mutex patch to cyrus-sasl 
gssapi.c.
Heavy concurrent GSSAPI connection load works fine.  Without the patch,
concurrent GSSAPI connections were trouble, but isolated GSSAPI still
worked, and heavily concurrent SASL EXTERNAL access worked fine either
way.  I don't know why non-GSSAPI functions would ever be compromised
by the presence of the MIT krb5 library - maybe it brings along some
unhelpful library, or maybe the damage from concurrent GSSAPI access
survives to plague some other connection, but either explanation seems
tenuous to me.
	Donn Cave, donn@u.washington.edu