Re: (ITS#8555) slapo-pcache forgets credentials for binddn

Full_Name: Quanah Gibson-Mount Version: 2.4.44 OS: Linux URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (47.208.148.26) When slapo-pcache is set up to use the user credentials for binding, the first bind will succeed accordingly, but subsequent binds will fall back to anonymous, as slapd logs that the credentials are not found: 58645256 conn=1024 op=1 ldap_back_dobind_int: DN="cn=james a jones 1,ou=alumni association,ou=people,dc=example,dc=com" without creds, binding anonymouslyldap_sasl_bind This is trivial to reproduce by making a slight modification to test020-proxycache: index f4e5cb7..105b911 100755 --- a/tests/scripts/test020-proxycache +++ b/tests/scripts/test020-proxycache @@ -645,6 +645,22 @@ if test $RC != 4 ; then test $KILLSERVERS != no && kill -HUP $KILLPIDS && wait exit 1 fi + +CNT=`expr $CNT + 1` +FILTER="(sn=Jon)" +ATTRS="cn mail telephonenumber" +echo "Query $CNT: (Result should not be cached)" +echo "# Query $CNT: (Result should not be cached)" >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT2 \ + -D "$USERDN" -w "$UPASSWD" "$FILTER" $ATTRS >> $SEARCHOUT 2>> $TESTOUT +RC=$? + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + The error test case isn't useful here, but slapd.2.log can be examined to see the behavior. It appears that there's a problem with this block of code in back-ldap/bind.c, that starts at line 2489 in RE24: