openldap-bugs October 2019

openldap-bugs@openldap.org

20 participants
54 discussions

Re: (ITS#9088) Concurrency not seen in OpenLDAP 2.4.44
by ondra＠mistotebe.net 08 Oct '19

08 Oct '19

On Tue, Oct 08, 2019 at 12:56:04PM +0000, jrajalakshmi(a)juniper.net wrote: > Hi, > > Thanks for the reply. There is an implementation already in our product. Hi, as mentioned previously, please provide a sample C program that shows what's happening and preferably one that also behaves better with 2.4.23 from your perspective so we can help you investigate. I don't believe packet captures would help us here at this point. > To summarize on the behavior observed > > Scenario#1: > > Single LDAP session with LDAP Bind does authentication in Sequential > Order. Due to sequential execution of OpenLDAP Search API after > version 2.4.24 we observe packet drops in LDAP Authentication Request. > This is resulting in Low performance of our product. Previously you mentioned only searches, which should work over the same connection depending how you do things. Not sure how binds fit in the picture here? Just a note that you can only have certain types of operations pending at the same time and binds are not one of them. Also don't know what you mean by packet drops here. Is that packet drops in your product or packet drops on the LDAP session? > Scenario #2: (this is a sample test case tried to compare the behavior > with Scenario#1) > > There are say 10 LDAP instances configured, all pointing to the same > LDAP server. The request-response is handled properly, performance is > improved when compared to scenario#1. But the drawback is the multiple > threads for every LDAP client session, utilizing more memory. This > design may not be recommended for our product. You can have a single thread taking care of the session (or however many sessions you want) if you use a non-blocking socket for the underlying connection(s) (and use ldap_result and friends) which is what the asynchronous API has been designed for. > Pl. reply back for any further queries / clarifications. The packet > captures file size is big (>6MB), can try to share the relevant > request-response details...... Regards, -- Ondřej Kuzník Senior Software Engineer Symas Corporation http://www.symas.com Packaged, certified, and supported LDAP solutions powered by OpenLDAP

1 0

RE: (ITS#9088) Concurrency not seen in OpenLDAP 2.4.44
by jrajalakshmi＠juniper.net 08 Oct '19

08 Oct '19

--_000_CH2PR05MB69514B8448808C2D1086ABB7DF9A0CH2PR05MB6951namp_ Content-Type: text/plain; charset="iso-8859-2" Content-Transfer-Encoding: quoted-printable Hi, Thanks for the reply. There is an implementation already in our product. To summarize on the behavior observed Scenario#1: Single LDAP session with LDAP Bind does authentication in Sequential Order.= Due to sequential execution of OpenLDAP Search API after version 2.4.24 we= observe packet drops in LDAP Authentication Request. This is resulting in = Low performance of our product. Scenario #2: (this is a sample test case tried to compare the behavior with= Scenario#1) There are say 10 LDAP instances configured, all pointing to the same LDAP s= erver. The request-response is handled properly, performance is improved wh= en compared to scenario#1. But the drawback is the multiple threads for eve= ry LDAP client session, utilizing more memory. This design may not be recom= mended for our product. Pl. reply back for any further queries / clarifications. The packet capture= s file size is big (>6MB), can try to share the relevant request-response d= etails...... Thanks, Raji -----Original Message----- From: Ond=F8ej Kuzn=EDk <ondra(a)mistotebe.net> Sent: Monday, September 30, 2019 8:18 PM To: Rajalakshmi Jayaraman <jrajalakshmi(a)juniper.net> Cc: openldap-its(a)OpenLDAP.org Subject: Re: (ITS#9088) Concurrency not seen in OpenLDAP 2.4.44 On Mon, Sep 23, 2019 at 09:22:45AM +0000, jrajalakshmi(a)juniper.net<mailto:j= rajalakshmi(a)juniper.net> wrote: > (1) What problem/issue/behavior are you having trouble with? What do > you expect to see? > Using OpenLDAP version 2.4.44 we are not seeing Concurrency whereas in > OpenLDAP Version 2.4.23 we are seeing Concurrent LDAP Requests. > In our product OpenLDAP 2.4.23 was previously used and the concurrent > request for search using the API ' ldap_search_ext_s() ' was working > as expected and our product scalability was better. > We have recently upgraded LDAP to OpenLDAP 2.4.44. But with this > version, the api 'ldap_search_ext_s()' does not seem to work as > expected, i.e concurrent requests handling is not happening. Hi, if you want the project to investigate this, it would be useful if you prov= ide a sample program that exhibits this behaviour with a vanilla build of 2= .4.48 and doesn't exhibit that with an analogous build of 2.4.23. I would like to point out that since 2.4.23 is a very old release, it is al= so possible you have been relying on undocumented behaviour or a libldap_r = bug that has since been fixed. That is what a sample program would also hel= p to rule out. Regards, -- Ond=F8ej Kuzn=EDk Senior Software Engineer Symas Corporation https://urldefense.com/v3/__http://= www.symas.com__;!8WoA6RjC81c!Xs72RxgyQ_p-CmwcbkhCu7cCMZXgmihqyjqC563sunVF3O= tjroYFsOTBsDbndrE4VnYu$<https://urldefense.com/v3/__http:/www.symas.com__;!= 8WoA6RjC81c!Xs72RxgyQ_p-CmwcbkhCu7cCMZXgmihqyjqC563sunVF3OtjroYFsOTBsDbndrE= 4VnYu$> Packaged, certified, and supported LDAP solutions powered by OpenLDAP Juniper Business Use Only --_000_CH2PR05MB69514B8448808C2D1086ABB7DF9A0CH2PR05MB6951namp_ Content-Type: text/html; charset="iso-8859-2" Content-Transfer-Encoding: quoted-printable <html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr= osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" = xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:= //www.w3.org/TR/REC-html40"> <head> <meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Diso-8859-= 2"> <meta name=3D"Generator" content=3D"Microsoft Word 15 (filtered medium)"> <style></style> </head> <body lang=3D"EN-US" link=3D"#0563C1" vlink=3D"#954F72"> <div class=3D"WordSection1"> Hi,<o:p></o:p> Thanks for the reply. There is an implementation = already in our product.<o:p></o:p> <o:p> </o:p> To summarize on the behavior observed<o:p></o:p><= /p> Scenario#1:<o:p></o:p> Single LDAP session with LDAP Bind does authentic= ation in Sequential Order. Due to sequential execution of OpenLDAP Search A= PI after version 2.4.24 we observe packet drops in LDAP Authentication Requ= est. This is resulting in Low performance of our product. <o:p></o:p> <o:p> </o:p> Scenario #2: (this is a sample test case tried to= compare the behavior with Scenario#1)<o:p></o:p> There are say 10 LDAP instances configured, all p= ointing to the same LDAP server. The request-response is handled properly, = performance is improved when compared to scenario#1. But the drawback is th= e multiple threads for every LDAP client session, utilizing more memory. This design may not be recommended = for our product.<o:p></o:p> <o:p> </o:p> Pl. reply back for any further queries / clarific= ations. The packet captures file size is big (>6MB), can try to share th= e relevant request-response details……<o:p></o:p> <o:p> </o:p> Thanks, Raji<o:p></o:p> <o:p> </o:p> <o:p> </o:p> <o:p> </o:p> <o:p> </o:p> <o:p> </o:p> <o:p> </o:p> -----Original Message----- From: Ond=F8ej Kuzn=EDk <ondra(a)mistotebe.net> Sent: Monday, September 30, 2019 8:18 PM To: Rajalakshmi Jayaraman <jrajalakshmi(a)juniper.net> Cc: openldap-its(a)OpenLDAP.org Subject: Re: (ITS#9088) Concurrency not seen in OpenLDAP 2.4.44<o:p></o:p><= /p> <o:p> </o:p> On Mon, Sep 23, 2019 at 09:22:45AM +0000, <a = href=3D"mailto:jrajalakshmi@juniper.net"> jrajalakshmi(a)juniper.= net</a> wrote:<o:p></o:p> > (1) What problem/issue/behavior are you havi= ng trouble with? What do <o:p></o:p> > you expect to see?<o:p></o:p> > Using OpenLDAP version 2.4.44 we are not see= ing Concurrency whereas in <o:p></o:p> > OpenLDAP Version 2.4.23 we are seeing Concur= rent LDAP Requests.<o:p></o:p> > In our product OpenLDAP 2.4.23 was previousl= y used and the concurrent <o:p></o:p> > request for search using the API ' ldap_sear= ch_ext_s() ' was working <o:p></o:p> > as expected and our product scalability was = better.<o:p></o:p> > We have recently upgraded LDAP to OpenLDAP 2= .4.44. But with this <o:p></o:p> > version, the api 'ldap_search_ext_s()' does = not seem to work as <o:p></o:p> > expected, i.e concurrent requests handling i= s not happening.<o:p></o:p> <o:p> </o:p> Hi,<o:p></o:p> if you want the project to investigate this, it w= ould be useful if you provide a sample program that exhibits this behaviour= with a vanilla build of 2.4.48 and doesn't exhibit that with an analogous = build of 2.4.23.<o:p></o:p> <o:p> </o:p> I would like to point out that since 2.4.23 is a = very old release, it is also possible you have been relying on undocumented= behaviour or a libldap_r bug that has since been fixed. That is what a sam= ple program would also help to rule out.<o:p></o:p> <o:p> </o:p> Regards,<o:p></o:p> <o:p> </o:p> --<o:p></o:p> Ond=F8ej Kuzn=EDk<o:p></o:p> Senior Software Engineer<o:p></o:p> Symas Corporation     &n= bsp;           &nbsp= ;     <a href=3D"https://urldefense.com/v3/__http:/www.= symas.com__;!8WoA6RjC81c!Xs72RxgyQ_p-CmwcbkhCu7cCMZXgmihqyjqC563sunVF3Otjro= YFsOTBsDbndrE4VnYu$"> https://urldefense.co= m/v3/__http://www.symas.com__;!8WoA6RjC81c!Xs72RxgyQ_p-CmwcbkhCu7cCMZXgmihq= yjqC563sunVF3OtjroYFsOTBsDbndrE4VnYu$</a> <o:p></o:p> Packaged, certified, and supported LDAP solutions= powered by OpenLDAP<o:p></o:p> <o:p> </o:p> Juniper Business Use Only</span= ><o:p></o:p> </div> </body> </html> --_000_CH2PR05MB69514B8448808C2D1086ABB7DF9A0CH2PR05MB6951namp_--

1 0

Re: (ITS#8996) Please supply a pkg-config file for libldap
by hugh.mcmaster＠outlook.com 03 Oct '19

03 Oct '19

Hi Ryan, Thank you for your review. On Thu, 3 Oct 2019 at 13:05, Ryan Tandy wrote: > Thanks for providing the patches. I have reviewed and tested them, > everything I could think of works properly. Excellent! :) > As a personal opinion I might prefer shorter descriptions, for example > "OpenLDAP ASN.1 Basic Encoding Rules library for LDAP" and "OpenLDAP > Lightweight Directory Access Protocol library (reentrant version)". Only > an opinion, there's nothing wrong with what you wrote. I'm happy for the descriptions to be whatever describes the libraries best. I particularly like your shortened ASN.1 description. > I'd like to see this included, however a more senior team member should > approve it first. Good luck! Thanks. Hopefully that will happen soon. Kind regards, Hugh

1 0

Re: (ITS#8996) Please supply a pkg-config file for libldap
by ryan＠openldap.org 02 Oct '19

02 Oct '19

Hello Hugh, Thanks for providing the patches. I have reviewed and tested them, everything I could think of works properly. As a personal opinion I might prefer shorter descriptions, for example "OpenLDAP ASN.1 Basic Encoding Rules library for LDAP" and "OpenLDAP Lightweight Directory Access Protocol library (reentrant version)". Only an opinion, there's nothing wrong with what you wrote. I'd like to see this included, however a more senior team member should approve it first. Good luck! cheers, Ryan

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs October 2019