Full_Name: Sean Finney
OS: Ubuntu Lucid
Submission from: (NULL) (126.96.36.199)
We have an ldap.conf with
where corp.net resolves to a list of about 20 round-robin balanced A records,
all of which are windows-based domain controllers for the site. Recently, a
hiccup in change control ended up with 3 of these servers being offline but
remaining in DNS.
Therefore, with about 3/20 probability ldapsearch and friends will just sit and
hang waiting for packets to return from the void until the TCP/IP RTT timeout is
It would be nice if ldapsearch could, either by default or as an option, have
some way of iteratively trying all of the returned DNS records in the face of
such failure (which could also be from some form of network hiccup, or a crashed
server). Bonus points if it could somehow be pre-emptive (i.e. not waiting for
the entire TCP/IP RTT timeout before trying another server).
Of course another alternative would be for us to duplicate the information from
DNS into multiple servers listed in URI, but that seems... duplicative. But in
any event I did a quick search of the issue system and didn't see a documented
position on the matter so I figured I could at least post this and see what you
hans.moser(a)ofd-z.niedersachsen.de schrieb am 26.08.2011 16:49 Uhr:
> hyc(a)symas.com schrieb am 24.08.2011 23:54 Uhr:
>> A patch for backglue.c is in git master, please test. Thanks.
> Does not help. :(
Any new patch to test?
Full_Name: Howard Chu
Version: git master
Submission from: (NULL) (188.8.131.52)
Submitted by: hyc
In test060 slapd-mtread will frequently get into an endless loop if slapd dies
during the multi-threaded reader+writer test. poll() returns a POLL_HANGUP event
but libldap only handles POLL_WRITE and POLL_READ; since nothing handles the
hangup event poll keeps returning the event.
Patch coming shortly.
Full_Name: Rich Megginson
Version: current tip of master branch
Submission from: (NULL) (184.108.40.206)
The establishment of the TLS/SSL connection (accept or connect) using
SSL_ForceHandshake() is not thread safe when using the PEM module. This patch
adds a mutex to protect the call.
These patch files are derived from OpenLDAP Software. All of the
modifications to OpenLDAP Software represented in the following
patch(es) were developed by Red Hat. Red Hat has not assigned rights
and/or interest in this work to any party. I, Rich Megginson am
authorized by Red Hat, my employer, to release this work under the
Red Hat hereby place the following modifications to OpenLDAP Software
(and only these modifications) into the public domain. Hence, these
modifications may be freely used and/or redistributed for any purpose
with or without attribution and/or other notice.
The OpenLDAP-ITS address is for reporting bugs in OpenLDAP software.
Nothing in your report is indicative of a bug in OpenLDAP.
If you have questions about use of OpenLDAP Software which are
not answered in the documentation, FAQ, and archives, use the
OpenLDAP-technical list (subscription required; instructions here
This issue report will be closed.
OS: solaris10 (9/10)
Submission from: (NULL) (220.127.116.11)
i m configure the open ldap server in my solaris10(9/10). but i run the slapd
-T test command one error message is coming i.e suffix invalid dn:21.please help
how to rectify this error.
--On Wednesday, August 31, 2011 5:24 PM +0000 pantelis.petridis(a)yahoo.com
> Do you have some information about what happened? Is there any
> explanation why the LDAP Server does not answer an LDAP request? Is there
> a workaround?
Please confirm whether or not the issue exists in the current OpenLDAP
Sr. Member of Technical Staff
A Division of VMware, Inc.
Zimbra :: the leader in open source messaging and collaboration
Two packages have been uploaded to the incoming folder on openldap's
public ftp site. The package names are:
fortressCore.zip and fortressRealm.zip of sizes 1.1 MB and 74.8 KB
respectively. The two packages contain the source code that form the
basis for the Fortress Java SDK (fortessCore) and Java EE container
security plug-in component (fortressRealm).