https://bugs.openldap.org/show_bug.cgi?id=10099
Issue ID: 10099
Summary: OpenLDAP version 2.5 & 2.6 causes IP connectivity to break and breaks basic commands like reboot
Product: OpenLDAP
Version: 2.5.16
Hardware: x86_64
OS: Linux
Status: UNCONFIRMED
Keywords: needs_review
Severity: normal
Priority: ---
Component: libraries
Assignee: bugs@openldap.org
Reporter: amcwongahey@rbbn.com
Target Milestone: ---

Created attachment 980 --> https://bugs.openldap.org/attachment.cgi?id=980&action=edit
The package Makefile
I am upgrading openLDAP from version 2.4.59 to 2.5.16 and am running into show stopper issues.
In my environment I am running CLIENT mode only (libldap).
I have tried 2.5.16 with the following combinations:
openSSL versions: 1.1.1s and 3.0.8
Kernel versions: 5.4.92, 4.19.192 and 2.6.32
The problems described below ONLY happen when connecting to a domain controller using LDAPS; they do NOT happen with LDAP (non-secure).
When I use ANY combination that includes kernel version 4 or 5 along with openLDAP 2.5.16, I get random lockups to the point where IP connectivity into and out of the node breaks. It is also so completely hosed that even issuing a reboot command from the console hangs and does not restart the node.
The problem happens roughly 50% of the time with openLDAP combined with version 5 kernel but happens noticeably less frequently with the version 4 kernel.
As soon as I kill the process that invokes the connection with openLDAP the problem clears up.
I invoke the connection with the following function call:
nReturnCode = ldap_sasl_bind( m_pLD, m_ADBind.GetBindDN(), LDAP_SASL_SIMPLE, &stPassword, NULL, NULL, &nMsgID);
I use simple auth simply because the entire connection is secured with TLS anyway and there is another functional reason which I cannot go into details on.
OpenLDAP never returns from the ldap_sasl_bind function call. It hangs somewhere inside the library, but that alone cannot account for the complete lockup where basic commands like reboot, etc. do not work and where all IP connectivity breaks. It seems it has to be something with openLDAP and the Linux kernel combined that triggers this issue.
I am hoping that someone who is much more familiar with the libldap part of the library will pick up on this and be able to determine how to fix this.
As an FYI: I also tried the very first version of 2.5.1 (alpha release) and the latest 2.6 and the problem happens on those versions as well.
To be clear the problem does NOT happen if I run openLDAP 2.5.16 with Linux kernel version 2.6.32.
ADDITIONALLY, ALL openSSL & kernel combinations work with openLDAP version 2.4.59!
I am attaching the package Makefile to this report. Below is the ldap.conf contents:
TLS_REQCERT never
TLS_KEY /tmp/ssl/certs/server.pem
TLS_CERT /tmp/ssl/certs/server.pem
TLS_PROTOCOL_MIN 3.1
sasl_secprops maxssf=0