Hi,
With OpenLDAP + TLS/SSL + GSSAPI, trying to modify the value of the multivalued attribute uniqueMember to ["uid=user1,ou=People,dc=example,dc=com", "uid=user2,ou=People,dc=example,dc=com", "uid=user3,ou=People,dc=example,dc=com", ...] hangs when the number of members cross 398. If instead of user1, user2, user3, ... I use usr1, usr2, usr3 ... then also it hangs but that was when the number of members cross 408. Further using u1, u2, u3, ... it hangs when the number of members cross 430. I couldn't figure out the reason for this behaviour.
Either way the solution to the problem seemed to be in setting maxssf to 0. Below is an example command on how I used this property:
$ LDAPSASL_SECPROPS="maxssf=0" LDAPTLS_CACERT=/etc/ssl/certs/rootcacert-dbs.example.com.pem ldapmodify -H "ldap://dbs.example.com" -Y GSSAPI -f data.ldif -ZZ
Is the hanging anticipated behaviour? Is setting maxssf=0 the proper solution or is there a better solution?
Regards, Rahul.
--On November 18, 2009 5:29:31 PM +0530 Rahul Amaram rahul@synovel.com wrote:
Hi,
With OpenLDAP + TLS/SSL + GSSAPI, trying to modify the value of the multivalued attribute uniqueMember to ["uid=user1,ou=People,dc=example,dc=com", "uid=user2,ou=People,dc=example,dc=com", "uid=user3,ou=People,dc=example,dc=com", ...] hangs when the number of members cross 398. If instead of user1, user2, user3, ... I use usr1, usr2, usr3 ... then also it hangs but that was when the number of members cross 408. Further using u1, u2, u3, ... it hangs when the number of members cross 430. I couldn't figure out the reason for this behaviour.
This is a known bug that will be fixed in the 2.4.20 release.
--Quanah
--
Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration
--On November 18, 2009 8:45:28 AM -0800 Quanah Gibson-Mount quanah@zimbra.com wrote:
--On November 18, 2009 5:29:31 PM +0530 Rahul Amaram rahul@synovel.com wrote:
Hi,
With OpenLDAP + TLS/SSL + GSSAPI, trying to modify the value of the multivalued attribute uniqueMember to ["uid=user1,ou=People,dc=example,dc=com", "uid=user2,ou=People,dc=example,dc=com", "uid=user3,ou=People,dc=example,dc=com", ...] hangs when the number of members cross 398. If instead of user1, user2, user3, ... I use usr1, usr2, usr3 ... then also it hangs but that was when the number of members cross 408. Further using u1, u2, u3, ... it hangs when the number of members cross 430. I couldn't figure out the reason for this behaviour.
This is a known bug that will be fixed in the 2.4.20 release.
More specifically, ITS#6327, ITS#6334
--Quanah
--
Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration
openldap-technical@openldap.org
-
Quanah Gibson-Mount -
Rahul Amaram