I'm looking into a Debian bug report: https://bugs.debian.org/860947
ldap_int_sasl_init says:
/* XXX not threadsafe */ static int sasl_initialized = 0;
I'm not yet sure whether it's the cause of that report, but it does seem to be problematic. I'm seeing spurious "no such mechanism" results and/or crashes in mutiple environments performing SASL binds in parallel: - slapd with multiple syncrepl clients all using SASL binds, - the ldclt tool from the 389-ds project, and - the test program I'm about to describe below.
I wrote a test program for this issue, and I'd like to ask the list to check the code before I submit an ITS, in case I've made a mistake that renders my test invalid.
gcc -g sasltest.c -pthread -llber -lldap -lsasl2 -DSASL
As I understand it, -lldap_r should not be needed here since each thread creates its own LDAP instance. (It doesn't seem to change the results, anyway.)
Built without -DSASL, it uses simple binds, and appears to work fine, but again, I'm not confident my code is correct.
Thanks! Ryan