--On Wednesday, October 21, 2009 11:51 AM -0400 Mark Dieterich mkd@cs.brown.edu wrote:
Quanah,
What was the last OpenLDAP version this worked on, server side?
After you sent me the pointer to the other ITS, I started trying various combinations of ldapmodify and openldap backends to see if I could successfully perform this update. Unfortunately, I have yet to make it work. We first noticed this problem about a five weeks ago. At the time, we were running openldap on a debian etch server (openldap 2.3.30). It looks like the package we were running was from late Oct. 2008, so I suspect this operation never would have worked in our environment and we just finally hit some threshold.
Ok, thanks.
So Stanford also uses SASL/GSSAPI, and is hitting a similar issue, except on read instead of modify. When I take SASL/GSSAPI out of the picture, the search works fine. Are you able to test doing a simple bind with the modify to the server and seeing if that works?
I was hoping it was some change on the 2.4 server side that caused the issue. I'm able to reproduce Stanford's issue 100% on Linux systems as clients, going back to Heimdal 0.7.2 or MIT krb5 1.5.something, cyrus-sasl 2.1.18->2.1.23, OpenLDAP 2.2.13->2.4.19, openssl 0.9.8a->0.9.8k, and gcc 3.3.5->gcc 4.1.2.
However, if I use a Solaris Sparc system with SASL/GSSAPI, I never see the problem, regardless of Kerberos, cyrus-sasl, openssl, gcc, or openldap versions.
--Quanah
--
Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration