[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: possible bug in lber library?

To: Dave Snoopy <kingsnoopy7@yahoo.com>
Subject: RE: possible bug in lber library?
From: Antti Tikkanen <antti.tikkanen@hut.fi>
Date: Wed, 12 Jun 2002 22:51:35 +0300 (EET DST)
Cc: Howard Chu <hyc@highlandsun.com>, openldap <openldap-software@OpenLDAP.org>
In-reply-to: <20020612172727.72157.qmail@web21203.mail.yahoo.com>

On Wed, 12 Jun 2002, Dave Snoopy wrote:

> I don't know of how much help it will be, but I found
> where the problem in ber_get_next is occuring. 
> 
> On line 482 of libraries/liblber/io.c, ber_get_next
> returns LBER_DEFAULT. This causes the caller, in
> result.c, to return the error previously mentioned. 
>  
> Does anyone who knows the code understand why this is
> happening? Is it likely a problem with OpenLDAP, or
> with a bad response from my domain controller? I'll be
> glad to help debug this if possible.

I just want to note that your problem is most likely (?) the same as mine:

  http://www.openldap.org/lists/openldap-software/200206/msg00248.html

At least the debug trace shows very similar things as your case:
ber_get_next followed by LDAP_SERVER_DOWN. 

I also tried to make a large query without SSL and Kerberos enabled
and got the same result, LDAP_SERVER_DOWN, but this time with a bit
different debug trace (compare to the one in the URL above):

--

  # ldapsearch -H ldap://myserver -b "dc=myserver,dc=com" -s sub -b 1
 
  (...)

  SASL SSF: 56
  SASL installing layers
  ldap_pvt_sasl_install
  version: 2
 
  #
  # filter: (objectclass=*)
  # requesting: ALL  
  #
 
  ldap_search_ext
  put_filter "(objectclass=*)"
  put_filter: simple
  put_simple_filter "objectclass=*"
  ldap_send_initial_request
  ldap_send_server_request
  ber_flush: 58 bytes to sd 3
  ldap_result msgid -1
  ldap_chkResponseList for msgid=-1, all=0
  ldap_chkResponseList returns NULL
  wait4msg (infinite timeout), msgid -1
  wait4msg continue, msgid -1, all 0
  ** Connections:
  * host: myserver  port: 389  (default)
    refcnt: 2  status: Connected
    last used: Wed Jun 12 22:38:55 2002
 
  ** Outstanding Requests:
   * msgid 5,  origid 5, status InProgress
     outstanding referrals 0, parent count 0
  ** Response Queue:
     Empty
  ldap_chkResponseList for msgid=-1, all=0
  ldap_chkResponseList returns NULL
  do_ldap_select
  read1msg: msgid -1, all 0
  ber_get_next
!!sb_sasl_pkt_length: received illegal packet length of 434312 bytes
!!sb_sasl_read: failed to decode packet: generic failure
  ldap_perror
  ldap_result: Can't contact LDAP server 
  ldap_unbind
  ldap_free_request (origid 5, msgid 5)
  ldap_free_connection
  ldap_send_unbind
  ber_flush: 7 bytes to sd 3
  ldap_free_connection: actually freed

--

The notable difference between the traces is just after ber_get_next,
marked with '!!' above. When I make the query smaller, replacing say 
'-s base' instead of '-s sub' it will work fine. 

So now it seems I have two problems instead of one. :) SSL+Kerberos fails
with everything and plain Kerberos fails with large querys. Everything
else works fine!

I too would be very grateful for any hints.

Antti

-- 

Antti.Tikkanen@hut.fi 
Helsinki University of Technology 
Computing Centre

Follow-Ups:
- RE: possible bug in lber library?
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

References:
- RE: possible bug in lber library?
  - From: Dave Snoopy <kingsnoopy7@yahoo.com>

Prev by Date: Import from SAMBA to LDAP
Next by Date: Re: OpenLDAP+SSL+Kerberos against AD
Index(es):
- Chronological
- Thread