2.3.36 on FreeBSD 6.2-STABLE.
We have a need for the client to detect a hung server, so I thought I'd try something like this, called before each new connection:
struct timeval tv;
tv.tv_sec = 5; tv.tv_usec = 0; ldap_set_option(ld, LDAP_OPT_TIMEOUT, &tv); ldap_set_option(ld, LDAP_OPT_NETWORK_TIMEOUT, &tv);
(In the actual code I do test for errors.)
I then ran "nc -l 389" to simulate a hung server, and issued a search against it, but it never times out. Attaching to the client with GDB and getting a back-trace shows this:
(gdb) bt #0 0x28180873 in poll () from /lib/libc.so.6 #1 0x280dfca9 in ldap_int_select () from /usr/local/lib/libldap-2.3.so.2 #2 0x280d00d0 in ldap_result () from /usr/local/lib/libldap-2.3.so.2 #3 0x280d155b in ldap_search_s () from /usr/local/lib/libldap-2.3.so.2 #4 0x08049d50 in getporthost (app=0xbfbfe944 "fgh", portnum=0xbfbfe7d8, host=0x804b520 "") at getporthost.c:200 #5 0x08048e8c in main (c=1, v=0xbfbfe840) at main.c:50
Do timeouts actually work? If so, what have I misunderstood?
Dave Horsfall wrote:
2.3.36 on FreeBSD 6.2-STABLE.
We have a need for the client to detect a hung server, so I thought I'd try something like this, called before each new connection:
struct timeval tv; tv.tv_sec = 5; tv.tv_usec = 0; ldap_set_option(ld, LDAP_OPT_TIMEOUT, &tv); ldap_set_option(ld, LDAP_OPT_NETWORK_TIMEOUT, &tv);(In the actual code I do test for errors.)
I then ran "nc -l 389" to simulate a hung server, and issued a search against it, but it never times out. Attaching to the client with GDB and getting a back-trace shows this:
(gdb) bt #0 0x28180873 in poll () from /lib/libc.so.6 #1 0x280dfca9 in ldap_int_select () from /usr/local/lib/libldap-2.3.so.2 #2 0x280d00d0 in ldap_result () from /usr/local/lib/libldap-2.3.so.2 #3 0x280d155b in ldap_search_s () from /usr/local/lib/libldap-2.3.so.2 #4 0x08049d50 in getporthost (app=0xbfbfe944 "fgh", portnum=0xbfbfe7d8, host=0x804b520 "") at getporthost.c:200 #5 0x08048e8c in main (c=1, v=0xbfbfe840) at main.c:50
Do timeouts actually work? If so, what have I misunderstood?
The network timeout only controls how long to wait for a connection to be opened. The OPT_TIMEOUT option does nothing at all in OpenLDAP 2.3 and older; it appears to have been introduced early on with ever being implemented. It actually works in OpenLDAP 2.4.
On Sun, 16 Dec 2007, Howard Chu wrote:
The network timeout only controls how long to wait for a connection to be opened.
Ah, thanks for that.
The OPT_TIMEOUT option does nothing at all in OpenLDAP 2.3 and older; it appears to have been introduced early on with ever being implemented. It actually works in OpenLDAP 2.4.
Best argument I've seen to upgrade...
I have a NIS server that authenticates its users against a central LDAP server. To verify that it uses DIGEST-MD5 authentication, I ran the following command:
[snip] $ ldapsearch -Y DIGEST-MD5 -h ids.mot.com -b ou=people,ou=intranet,dc=motorola,dc=com -D motguid=XJC864,ou=people,ou=intranet,dc=motorola,dc=com -W -v motguid=XJC864 ldap_init( ids.mot.com, 0 ) Enter LDAP Password: SASL/DIGEST-MD5 authentication started ldap_sasl_interactive_bind_s: Invalid credentials additional info: SASL(-1): generic failure: unable canonify user and get auxprops $ [snap]
As you can see, it starts MD5 authentication but get this error (even though I enter the correct password). Has anyone encountered and fixed such an error? Does anyone know how to troubleshoot this error? Any assistance would be appreciated.
Thank you, BJP
"Pantejo Barbara-XJC864" XJC864@motorola.com writes:
I have a NIS server that authenticates its users against a central LDAP server. To verify that it uses DIGEST-MD5 authentication, I ran the following command:
[snip] $ ldapsearch -Y DIGEST-MD5 -h ids.mot.com -b ou=people,ou=intranet,dc=motorola,dc=com -D motguid=XJC864,ou=people,ou=intranet,dc=motorola,dc=com -W -v motguid=XJC864 ldap_init( ids.mot.com, 0 ) Enter LDAP Password: SASL/DIGEST-MD5 authentication started ldap_sasl_interactive_bind_s: Invalid credentials additional info: SASL(-1): generic failure: unable canonify user and get auxprops $ [snap]
As you can see, it starts MD5 authentication but get this error (even though I enter the correct password). Has anyone encountered and fixed such an error? Does anyone know how to troubleshoot this error? Any assistance would be appreciated.
Don't use the -D flag but -U flag with and a uid value.
-Dieter
openldap-software@openldap.org
-
Dave Horsfall -
Dieter Kluenter -
Howard Chu -
Pantejo Barbara-XJC864