[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: possible bug in lber library?

To: "Dave Snoopy" <kingsnoopy7@yahoo.com>, "openldap" <openldap-software@OpenLDAP.org>
Subject: RE: possible bug in lber library?
From: "Howard Chu" <hyc@highlandsun.com>
Date: Tue, 11 Jun 2002 23:01:44 -0700
Importance: Normal
In-reply-to: <20020612051910.25795.qmail@web21202.mail.yahoo.com>

I have a sinking feeling that a recent patch to the SASL sockbuf routines is
wrong. However, I've been unable to duplicate this bug in my tests.

Please try this: in libldap/cyrus.c, line 164, change the line
	if ( size > max ) {
to
	if ( size > SASL_MAX_BUFF_SIZE ) {

and rebuild OpenLDAP, then see if the problem remains.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Dave Snoopy
> Sent: Tuesday, June 11, 2002 10:19 PM
> To: openldap
> Subject: possible bug in lber library?
>
>
> I'm having a problem doing certain LDAP searches
> against a Win2K DC, which I think may be due to a bug
> in OpenLDAP's lber library.
>
> I am creating a simple tool to securely list users and
> groups on a Win2K DC. For this I've compiled the
> latest OpenLDAP (2.1.2), with the latest Cyrus-SASL
> (2.1.4), and MIT Kerberos 1.2.5.
>
> I use the ldapsearch tool to do my query. I have 2
> flavors of searches. One which uses simple
> authentication "-x", and another which uses SASL "-X".
> Both searches work successfully on DCs which have a
> reasonable number of groups.
>
> Then QA came in. It seems that if someone creates
> 1,000 users on a DC, the secure version of my
> ldapsearch fails (the simple authentication one still
> works though). This is the error I get:
>
>   # extended LDIF
>   #
>   # LDAPv3
>   # filter: objectClass=group
>   # requesting: sAMAccountName objectSID
>   #
>   ldap_result: Can't contact LDAP server (81)
>
> Using a bunch of printf statements, I traced the error
> to a failed call to "ber_get_next" in
> libraries/libldap/result.c, which is called from
> try_read1msg(). The error causes ld->ld_errno to be
> assigned LDAP_SERVER_DOWN (which is not the case).
>
> It seems as if something in the lber library can't
> handle the many responses from my DC. Any thoughts as
> to why? If someone can point me in the right
> direction, I can try to help debug this some more.
>
> --Dave
>
> __________________________________________________
> Do You Yahoo!?
> Yahoo! - Official partner of 2002 FIFA World Cup
> http://fifaworldcup.yahoo.com

Follow-Ups:
- RE: possible bug in lber library?
  - From: Dave Snoopy <kingsnoopy7@yahoo.com>

References:
- possible bug in lber library?
  - From: Dave Snoopy <kingsnoopy7@yahoo.com>

Prev by Date: possible bug in lber library?
Next by Date: ACL
Index(es):
- Chronological
- Thread