On Friday 15 October 2010 14:02:27 Howard Chu wrote:
Howard Chu wrote:
> Ralf Haferkamp wrote:
>>> Please review and comment, thanks.
>> It seems that SASL/GSSAPI binds broke somehow. At least for me
>> ldapsearch from current HEAD hangs in ldap_int_select(). I have
>> on the server side. Here is the end of ldapsearch's debug output:
> Thanks, I suspected that might happen. I only tested DIGEST-MD5 and
> EXTERNAL so far. Will look into it shortly.
All working for me now.
Same here. Thanks.
> Looking at it again, it strikes me that perhaps this
> was an exercise in futility. The ldap_host_connected_to() function
> can block doing a DNS lookup, and also the GSSAPI mechanism can
> block while obtaining a service ticket. (In addition to any
> blocking during ldap_pvt_sasl_getmechs()...) As such, it would need
> a lot more work to make it fully asynchronous. We could create the
> infrastructure needed to make ldap_host_connected_to() and
> ldap_pvt_sasl_getmechs() fully asynch, but we have no such control
> over the SASL mechanisms.
Still dunno what to do with this. Is it better than nothing?
I'd think so, yes.
AFAIK we do have similar issues with StartTLS as well,
don't we. Ok, ldap_start_tls() seems to completely async, but one needs
to call ldap_install_tls() after that, and that again might block
somewhere in the underlying openssl/gnutls/moznss libraries.
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)