(ITS#7818) err=52 - unsuccessful bind due to lack of unbind

[maciej.uhlig@us.edu.pl]

Full_Name: Maciej Uhlig
Version: 2.4.39
OS: CentOS release 6.5 (Final)
URL: http://usnet.us.edu.pl/files/openldap/err52.txt
Submission from: (NULL) (155.158.97.72)


There are two OpenDJ servers and one OpenLDAP server. OpenLDAP server acts as a
proxy to OpenDJ servers. OpenLDAP server is used by Dovecot mailbox server (here
LDAP client) for user authentication.

                  /---OpenDJ1
Dovecot---OpenLDAP
                  \---OpenDJ2
				  
OpenLDAP server runs 2.4.39 software. The problem is observed during OpenLDAP
and OpenDJ servers interaction. Users can't send their mail. Dovecot server logs
"ldap_bind() failed: Server is unavailable". OpenLDAP server logs "err=52".
Restart of OpenLDAP server is required to resume normal operation. 

Analysis of OpenDJ log shows:
- conn=40822 (correct) takes not more than one second
- conn=40823 (incorrect) takes more than eleven minutes (it persists until
OpenLDAP server is stopped)

Analysis of OpenLDAP log shows:
- op=29970 (conn=40822 in OpenDJ server) ends with err=0
- op=29972 (conn=40823 in OpenDJ server) ends with err=0
- op=29976 (not seen in OpenDJ server) ends with err=52
- similarly op=29979 and all subsequent end with err=52

Looks like OpenLDAP server doesn't unbind (eleven minutes above) from OpenDJ
server. Instead it tries to make next bind which is unsuccesful (err=52).