Quanah Gibson-Mount quanah@stanford.edu writes:
The libraries compiled against GnuTLS are:
:/usr/lib> ldd libldap.so.2.0.130
...
libgnutls.so.11 => /usr/lib/libgnutls.so.11 (0xa7e57000)
However, the Debian etch slapd and ldap utilities, such as ldapsearch, don't use this library. It's only some other things that do so, such as samba. slapd and ldap* use libldap[_r]-2.3 instead, which appears to not be using gnutls.
The problem comes when the user ID running slapd, and the user ID handling other things that load /usr/lib/libldap.so.* are the same, whether that is root or the ldap user. As soon as both sets of libraries get loaded into the same user space, problems ensue.
I stopped all services that were using libldap*, then started the compiled slapd (with -u openldap anyway, and nothing else runs as that user, though I'm not certain the libraries aren't opened before it switches priviliges), and still I had the same symptom. (And my compiled slapd is also believed to not use gnutls; it doesn't use libldap anyway.)
I therefore don't see any evidence that the problem is really gnutls-related. That you can't reproduce it doesn't quite help, you've compiled almost everything yourself.
You think I should also try to gradually compile things myself, trying to locate which library causes the problem? Needless to say I'd prefer a simpler investigation path, if one exists.
A debian bug reporting similar behaviour was filed two days ago: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=412706. I'll add my experience there.