inlovewithGod@gmail.com wrote:
Full_Name: Jeremiah Martell
Version: 2.4.21
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (192.146.101.71)

I have three Windows Active Directory servers set up:

    childA.parent.example.com
    parent.example.com
    childB.parent.example.com

I do an LDAP+GSSAPI bind to childA.parent.example.com. The bind succeeds.

I do a search that returns referrals (I know I need to be referred to parent, and then childB, in order to find my result), and I have OpenLDAP follow referrals for me.

My rebind proc is a function that only calls:

    ldap_sasl_interactive_bind_s( ld, NULL, NULL, NULL, NULL, LDAP_SASL_AUTOMATIC, sasl_driver, params );

where sasl_driver and params are the same parameters that I used for the initial bind call to childA.

After the search call, the debug looks like this:

    ldap_chase_v3referrals, where ref[0] = parent.example.com
    > myGSSAPIrebindProc
    > ldap_sasl_interactive_bind_s
    < ldap_sasl_interactive_bind_s
    < myGSSAPIrebindProc
    < ldap_chase_v3referrals
    ldap_chase_v3referrals, where ref[0] = childB.parent.example.com
    > myGSSAPIrebindProc
    > ldap_sasl_interactive_bind_s
    > ldap_chase_v3referrals, where ref[0] = childA.parent.example.com
    < ldap_chase_v3referrals
    > ldap_chase_v3referrals, where ref[0] = ForestDnsZones.parent.example.com
    > myGSSAPIrebindProc
    > ldap_sasl_interactive_bind_s
    ... HANG ON MUTEX

I changed OpenLDAP to make all mutexes recursive, and this fixed my problem. I was then able to search, chase referrals, bind to referrals with ldap_sasl_interactive_bind_s, and eventually find my result.

Sounds like your servers are misconfigured; it is not legal to send a referral in response to a Bind request.
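
The re-entrant locking pattern that the trace above points to, modelled with plain pthreads as an added example (not part of the original thread and not libldap code). chase_referral, rebind_proc, sasl_bind and bind_mutex are hypothetical stand-ins, and it is an assumption that a lock is held across the bind. An error-checking mutex reports the nested lock attempt as EDEADLK instead of hanging; a recursive mutex lets the nested bind proceed.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <pthread.h>
#include <stdio.h>

/* Hypothetical stand-ins for the calls in the trace; not libldap code. */
static pthread_mutex_t bind_mutex;   /* assumed: a lock held across the bind */
static int max_depth_reached;

static int chase_referral(int depth, int bind_refers);

static int sasl_bind(int depth, int bind_refers) {
    int rc = pthread_mutex_lock(&bind_mutex);
    if (rc != 0)
        return rc;   /* error-checking mutex: EDEADLK instead of a hang */
    if (depth > max_depth_reached)
        max_depth_reached = depth;
    /* The server answers the bind with a referral (constructed scenario),
       which is chased while the lock is still held. */
    if (bind_refers && depth < 2)
        rc = chase_referral(depth + 1, bind_refers);
    pthread_mutex_unlock(&bind_mutex);
    return rc;
}

static int rebind_proc(int depth, int bind_refers) {
    return sasl_bind(depth, bind_refers);   /* the rebind proc only binds */
}

static int chase_referral(int depth, int bind_refers) {
    return rebind_proc(depth, bind_refers);
}

/* Runs the chain with the given mutex type; returns 0 or an errno value. */
int run_chain(int mutex_type, int bind_refers) {
    pthread_mutexattr_t attr;
    pthread_mutexattr_init(&attr);
    pthread_mutexattr_settype(&attr, mutex_type);
    pthread_mutex_init(&bind_mutex, &attr);
    pthread_mutexattr_destroy(&attr);
    max_depth_reached = 0;
    int rc = chase_referral(1, bind_refers);
    pthread_mutex_destroy(&bind_mutex);
    return rc;
}

int main(void) {
    printf("errorcheck: %d (EDEADLK=%d)\n", run_chain(PTHREAD_MUTEX_ERRORCHECK, 1), EDEADLK);
    printf("recursive:  %d\n", run_chain(PTHREAD_MUTEX_RECURSIVE, 1));
    return 0;
}
```

With a default (non-recursive, non-checking) mutex the nested lock in this chain would block forever, which is why the example uses the error-checking type to make the condition observable.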