Re: (ITS#6510) GSSAPI rebind proc will cause mutex deadlock
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#6510) GSSAPI rebind proc will cause mutex deadlock
- From: hyc@symas.com
- Date: Thu, 8 Apr 2010 22:58:07 GMT
- Auto-submitted: auto-generated (OpenLDAP-ITS)
inlovewithGod@gmail.com wrote:
> Full_Name: Jeremiah Martell
> Version: 2.4.21
> OS: Linux
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (192.146.101.71)
>
>
> I have three Windows Active Directory servers set up:
> childA.parent.example.com
> parent.example.com
> childB.parent.example.com
>
> I do an LDAP+GSSAPI bind to childA.parent.example.com.
> The bind succeeds.
>
> I do a search that returns referrals, (I know I need to be referred to
> parent, and then childB in order to find my result),
> and I have openldap follow referrals for me.
>
> My rebind proc is a function that only calls:
> ldap_sasl_interactive_bind_s( ld, NULL, NULL, NULL, NULL,
> LDAP_SASL_AUTOMATIC, sasl_driver, params );
> where sasl_driver and params are the same parameters that I used for
> the initial bind call to childA.
>
> After the search call, the debug looks like this:
>
> > ldap_chase_v3referrals, where ref[0] = parent.example.com
> > myGSSAPIrebindProc
> > ldap_sasl_interactive_bind_s
> < ldap_sasl_interactive_bind_s
> < myGSSAPIrebindProc
> < ldap_chase_v3referrals
>
> > ldap_chase_v3referrals, where ref[0] = childB.parent.example.com
> > myGSSAPIrebindProc
> > ldap_sasl_interactive_bind_s
> > ldap_chase_v3referrals, where ref[0] = childA.parent.example.com
> < ldap_chase_v3referrals
> > ldap_chase_v3referrals, where ref[0] = ForestDnsZones.parent.example.com
> > myGSSAPIrebindProc
> > ldap_sasl_interactive_bind_s ... HANG ON MUTEX
>
> I changed openldap to make all mutexes recursive, and this fixed my problem. I
> was then able to search, chase referrals, bind to referrals with
> ldap_sasl_interactive_bind_s, and eventually find my result.

Sounds like your servers are mis-configured, it is not legal to send a
referral in response to a Bind request.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
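
The locking pattern in the trace above, as an added example that is not part of the original thread and is not OpenLDAP code: a library call holds a per-connection mutex, a referral received during the bind invokes the rebind callback, and the callback calls the same library function again. The names conn_t, lib_bind, my_rebind and run_scenario are hypothetical, and holding the lock across the callback is an assumption of this model. An error-checking mutex is used so the self-deadlock is reported as EDEADLK instead of hanging.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700              /* for pthread_mutexattr_settype */
#endif
#include <errno.h>
#include <pthread.h>
#include <stdio.h>

typedef struct conn conn_t;            /* hypothetical stand-in for LDAP *ld */
typedef int (*rebind_cb)(conn_t *c);
struct conn { pthread_mutex_t mu; rebind_cb rebind; int depth, max_depth; };

/* Stand-in for a library bind call that holds the connection lock (assumption). */
static int lib_bind(conn_t *c) {
    int rc = pthread_mutex_lock(&c->mu);
    if (rc != 0) return rc;            /* EDEADLK: this thread already owns mu */
    /* Constructed scenario: the bind is answered with a referral, which is
     * chased by calling the rebind callback while the lock is still held. */
    if (c->depth < c->max_depth) { c->depth++; rc = c->rebind(c); }
    pthread_mutex_unlock(&c->mu);
    return rc;
}

/* Rebind callback that only binds again, as the report describes. */
static int my_rebind(conn_t *c) { return lib_bind(c); }

/* Run the model with a given mutex type; returns 0 or an errno value. */
int run_scenario(int mutex_type, int referrals_during_bind) {
    conn_t c = { .rebind = my_rebind, .depth = 0,
                 .max_depth = referrals_during_bind };
    pthread_mutexattr_t attr;
    pthread_mutexattr_init(&attr);
    pthread_mutexattr_settype(&attr, mutex_type);
    pthread_mutex_init(&c.mu, &attr);
    pthread_mutexattr_destroy(&attr);
    int rc = lib_bind(&c);
    pthread_mutex_destroy(&c.mu);
    return rc;
}

int main(void) {
    printf("errorcheck, no referral on bind: %d\n",
           run_scenario(PTHREAD_MUTEX_ERRORCHECK, 0));
    printf("errorcheck, referral on bind:    %d (EDEADLK=%d)\n",
           run_scenario(PTHREAD_MUTEX_ERRORCHECK, 1), EDEADLK);
    printf("recursive,  referral on bind:    %d\n",
           run_scenario(PTHREAD_MUTEX_RECURSIVE, 2));
    return 0;
}
```

With a default (non-recursive, non-checking) mutex the second scenario would block forever in pthread_mutex_lock, which matches the hang at the end of the reported trace.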