https://bugs.openldap.org/show_bug.cgi?id=9798
Issue ID: 9798 Summary: Clearing pending ops on Bind Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs@openldap.org Reporter: ondra@mistotebe.net Target Milestone: ---
Some context first.
The only universal way of reset an arbitrary (SASL) bind in progress, at least in my reading of RFC4511 is to send an anonymous bind op, so that's what the load balancer does when needed (the client goes away, etc.).
Incidentally, this is also what the balancer chooses to do when the pending bind needs to be "abandoned" when the backend doesn't respond within a configured timeout. That's skating the edge of what RFC4511 allows, probably just past it.
The issue: When slapd receives a bind and another operation X (lloadd sends the above mentioned "reset" bind) before that first bind starts processing, X gets added into conn->c_ops_pending and does c_n_pending_ops++. Bind then eventually invokes connection_abandon which forgets to zero out c_n_pending_ops and the connection remains unusable forever. On the surface that's trivial to fix and a fix is coming.
On the other hand, operation X in the pending list is actually discarded too, so that kind of defeats the idea of trying to "abandon" the original bind and completely reset the connection state. Question is, do we want to retain the last bind in the pending list or does the balancer have to destroy the connection unconditionally when a bind times out?
https://bugs.openldap.org/show_bug.cgi?id=9798
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Assignee|bugs@openldap.org |ondra@mistotebe.net Target Milestone|--- |2.7.0 Keywords|needs_review |
https://bugs.openldap.org/show_bug.cgi?id=9798
Ondřej Kuzník ondra@mistotebe.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Summary|Clearing pending ops on |LLoadd<->slapd interaction |Bind |on a Bind timeout
https://bugs.openldap.org/show_bug.cgi?id=9798
Ondřej Kuzník ondra@mistotebe.net changed:
What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.openldap.org/s | |how_bug.cgi?id=9799
https://bugs.openldap.org/show_bug.cgi?id=9798
Ondřej Kuzník ondra@mistotebe.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |RESOLVED Resolution|--- |FIXED
--- Comment #1 from Ondřej Kuzník ondra@mistotebe.net --- Just realised that https://git.openldap.org/openldap/openldap/-/merge_requests/500 should have pointed to this issue instead of ITS#9799, closing.
https://bugs.openldap.org/show_bug.cgi?id=9798
--- Comment #2 from Quanah Gibson-Mount quanah@openldap.org --- Fixed in:
Commits: • 34ebfac7 by Ondřej Kuzník at 2022-03-07T15:39:09+00:00 ITS#9799 Drop a bind connection if there's a timeout
Note ITS in commit is incorrect.
https://bugs.openldap.org/show_bug.cgi?id=9798
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |VERIFIED
-
openldap-its@openldap.org