[Date Prev][Date Next] [Chronological] [Thread] [Top]

Issues with SSL/TLS + GSSAPI when modifying uniqueMember attribute (bug???)

To: openldap-technical@openldap.org
Subject: Issues with SSL/TLS + GSSAPI when modifying uniqueMember attribute (bug???)
From: Rahul Amaram <rahul@synovel.com>
Date: Wed, 18 Nov 2009 17:29:31 +0530
User-agent: Spicebird/0.7.1 (X11; 2009051913)

Hi,

With OpenLDAP + TLS/SSL + GSSAPI, trying to modify the value of themultivalued attribute uniqueMember to["uid=user1,ou=People,dc=example,dc=com","uid=user2,ou=People,dc=example,dc=com","uid=user3,ou=People,dc=example,dc=com", ...] hangs when the number ofmembers cross 398. If instead of user1, user2, user3, ... I use usr1,usr2, usr3 ... then also it hangs but that was when the number ofmembers cross 408. Further using u1, u2, u3, ... it hangs when thenumber of members cross 430. I couldn't figure out the reason for thisbehaviour.

Either way the solution to the problem seemed to be in setting maxssf to0. Below is an example command on how I used this property:

$ LDAPSASL_SECPROPS="maxssf=0"LDAPTLS_CACERT=/etc/ssl/certs/rootcacert-dbs.example.com.pem ldapmodify-H "ldap://dbs.example.com"; -Y GSSAPI -f data.ldif -ZZ

Is the hanging anticipated behaviour? Is setting maxssf=0 the propersolution or is there a better solution?


Regards,
Rahul.

Follow-Ups:
- Re: Issues with SSL/TLS + GSSAPI when modifying uniqueMember attribute (bug???)
  - From: Quanah Gibson-Mount <quanah@zimbra.com>

Prev by Date: Racecondition when loading schemas?
Next by Date: slapcat kills slapadd
Index(es):
- Chronological
- Thread