[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#5185) assertion failure in back-meta when the remote directory does not answer a bind request within the time allotted
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#5185) assertion failure in back-meta when the remote directory does not answer a bind request within the time allotted
- From: ando@sys-net.it
- Date: Sat, 13 Oct 2007 07:59:08 GMT
mhardin@symas.com wrote:
> Remote directory servers that do not answer a bind request within the timeout
> period will cause an assertion failure in back-meta.
>
> Analysis:
> The meta_back_bind() function calls either meta_back_proxy_authz_bind() if the
> bind is taking place with back_meta's rootdn or meta_back_single_bind() if it's
> not.
>
> Once they make the appropriate bind function call, each of these functions calls
> meta_back_bind_op_result() to process the result of the bind. Neither
> meta_back_proxy_authz_bind() or meta_back_single_bind() set the
> LDAP_BACK_CONN_BINDING state.
Because it's meta_back_getconn() that's supposed to set that flag when
appropriate.
> When meta_back_bind_op_result() calls ldap_result(), one of the possible return
> codes is 0, and meta_back_bind_op_result() will repeat the ldap_result() call,
> provided the timeout hasn't been exceeded or back-meta has been told not to
> retry.
>
> If the wait time has been exceeded the code falls through to an
> assert(LDAP_BACK_CONN_BINDING(msc)) statement. This assert is only valid when
> meta_back_do_bind() has made the function call, and it will fail if either
> meta_back_proxy_authz_bind() or meta_back_single_bind() made the function call.
The assert **should** always be valid. Its execution indicates that
there's an error somewhere else.
Does this happen when binding as the rootdn of the back-meta instance,
or as a regular user? If it occurs when binding as the rootdn, then I
think I know where the problem is. In that case, apart from me fixing
the problem (working at it...), you should also use
"pseudoroot-bind-defer yes".
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Email: pierangelo.masarati@sys-net.it
---------------------------------------