connecting to the openldap server as well as connecting from the server openldap is running on to another openldap server using sasl authentication - e.g. via ldapsearch - only works two times as expected. any try to authenticate a third, fourth, ... time hangs before the passwort promt/sasl interactive mode's firts question appears. any furhter try seams to boost the problem and the time until the passwort promt/... is getting shown encreases. after waiting approx 3 or five minutes all is working well again but only two times too. trying to shutdown the openldap server during a "hanging" sasl authentication is being blocked and in the log file a "waiting for thread" message is added. after these 3 or five minutes, the openldap than stops. because the problem also occures when trying to connect from another server via sasl, e.g. for ldapsearch, this might not be a problem of openldap it self. but i do not know what else it could be. greez dirk Reproducible: Always emerge --info Portage 2.1.3.19 (default-linux/x86/2007.0, gcc-4.1.2, glibc-2.6.1-r0, 2.6.23-gentoo-r3 i686) ================================================================= System uname: 2.6.23-gentoo-r3 i686 AMD Duron(tm) processor Timestamp of tree: Tue, 25 Dec 2007 02:15:01 +0000 app-shells/bash: 3.2_p17 dev-lang/python: 2.4.4-r6 dev-python/pycrypto: 2.0.1-r6 sys-apps/baselayout: 1.12.10-r5 sys-apps/sandbox: 1.2.18.1-r2 sys-devel/autoconf: 2.13, 2.61-r1 sys-devel/automake: 1.5, 1.7.9-r1, 1.8.5-r3, 1.10 sys-devel/binutils: 2.18-r1 sys-devel/gcc-config: 1.3.16 sys-devel/libtool: 1.5.24 virtual/os-headers: 2.6.23-r2 ACCEPT_KEYWORDS="x86" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2 -march=i686 -pipe" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc" CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/revdep-rebuild /etc/terminfo /etc/texmf/web2c /etc/udev/rules.d" CXXFLAGS="-O2 -march=i686 -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="distlocks metadata-transfer sandbox sfperms strict unmerge-orphans userfetch" GENTOO_MIRRORS="http://mirrors.sec.informatik.tu-darmstadt.de/gentoo/ http://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/ http://pandemonium.tiscali.de/pub/gentoo/ http://mirror.switch.ch/ftp/mirror/gentoo/ ftp://mirror.switch.ch/mirror/gentoo/ ftp://ftp.solnet.ch/mirror/Gentoo http://gentoo.mirror.solnet.ch " MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage" USE="acl berkdb bitmap-fonts cli cracklib crypt cups doc dri fortran gdbm gpm iconv ipv6 isdnlog midi mudflap ncurses nls nptl nptlonly openmp pam pcre perl pppd python readline reflection sasl session spl ssl symlink tcpd truetype-fonts type1-fonts unicode x86 xorg zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU" VIDEO_CARDS="apm ark chips cirrus cyrix dummy fbdev glint i128 i740 i810 imstt mach64 mga neomagic nsc nv r128 radeon rendition s3 s3virge savage siliconmotion sis sisusb tdfx tga trident tseng v4l vesa vga via vmware voodoo" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY ----------------------------------------------------------------------------- glibc: 2.6.1 openssl: 0.9.8g cyrus-sasl: 2.1.22-r2 courier-authlib: 0.58 courier-imap: 4.0.6-r2
some additional information that might be usefull. useflags: net-libs/courier-authlib -gdbm net-mail/courier-imap -gdbm dev-libs/cyrus-sasl authdaemond kerberos sample -gdbm net-nds/openldap kerberos overlays samba sasl slp -smbkrb5passwd berkdb crypt perl readline ssl tcpd -debug -gdbm -ipv6 -minimal -selinux net-fs/samba -acl -automount -cups -doc -examples -fam -ipv6 -pam -python -quotas -readline -swat -syslog -winbind
there is a thread treating this problem at the gentoo forum: http://forums.gentoo.org/viewtopic-p-4673036.html#4673036
i did some further investigations and figured out the following. i downgraded openssl-0.9.8e-r3 at the problem machine. than i was able to run about 7 or 8 sasl authentications in one sequence "ldapsearch"ing another openldap server from the problem server. after that the problem appeared again - authentications start hanging. even more interessting, the other machine, the one i thought it was working well shows the same symptoms when i run up to 10 authentications in sequence against the openldap server running on it. but that machine comes back much more faster thus a further authentication is possible. after the first hang, only 2 till 4 authentications are possible until it starts hanging again. the problem server now seams even not to be able to shutdown when there are hanging/pending authentications.
Brought it up in #ldap on freenode, no-one seemed to care :( can you send that to openldap-users mailinglist on their website? I can't do something useful here anymore, sorry
hi, i will do that. greez...
