Hello,
What is the proper way to de-initialize the OpenLDAP library?
Let's assume I have:

- ldap_initialize (ldaps://....)
- a couple of general ldap_set_option
- some ldap_set_option for TLS
- ldap_sasl_bind_s

Is ldap_unbind_s all that's required?
My problem is that if I do it this way when using OpenLDAP from a shared object and the process unloads the shared object and then loads it again (restarts my library), TLS won't work anymore. Probably there is one or more global variables in OpenLDAP that need to be reset before unload to make sure the initialization works.
I looked at the ldapsearch example provided, in common.c, and noticed a call to ldap_pvt_tls_destroy. I tried that but it doesn't make any difference.
I've compiled OpenLDAP to use Mozilla NSS.
Best regards, Tobias
Tobias Ljunggren wrote:
> Hello,
> What is the proper way to de-initialize the OpenLDAP library?
> Let's assume I have:
>
> - ldap_initialize (ldaps://....)
> - a couple of general ldap_set_option
> - some ldap_set_option for TLS
> - ldap_sasl_bind_s
>
> Is ldap_unbind_s all that's required?
> My problem is that if I do it this way when using OpenLDAP from a shared object and the process unloads the shared object and then loads it again (restarts my library), TLS won't work anymore. Probably there is one or more global variables in OpenLDAP that need to be reset before unload to make sure the initialization works.

libldap only has one set of global variables, and they are maintained in a single structure. Unloading the library will wipe out that structure, reloading the library will force a new initialization.
It sounds like, however, your TLS library is not being fully unloaded. If your app has another reference to that, it would cause a problem like this.
Why do you bother to unload the library if you're just going to need to load it again later?

> I looked at the ldapsearch example provided, in common.c, and noticed a call to ldap_pvt_tls_destroy. I tried that but it doesn't make any difference.
> I've compiled OpenLDAP to use Mozilla NSS.

RedHat supports the MozNSS code, ask them for suggestions.

On 2014-10-19 06:07, Howard Chu wrote:
> Tobias Ljunggren wrote:
>> Hello,
>> What is the proper way to de-initialize the OpenLDAP library?
>> Let's assume I have:
>>
>> - ldap_initialize (ldaps://....)
>> - a couple of general ldap_set_option
>> - some ldap_set_option for TLS
>> - ldap_sasl_bind_s
>>
>> Is ldap_unbind_s all that's required?
>> My problem is that if I do it this way when using OpenLDAP from a shared object and the process unloads the shared object and then loads it again (restarts my library), TLS won't work anymore. Probably there is one or more global variables in OpenLDAP that need to be reset before unload to make sure the initialization works.
>
> libldap only has one set of global variables, and they are maintained in a single structure. Unloading the library will wipe out that structure, reloading the library will force a new initialization.
> It sounds like, however, your TLS library is not being fully unloaded. If your app has another reference to that, it would cause a problem like this.

Yes, only a few of the nss (and nspr) modules are unloaded. But I thought that was because I didn't de-initialize things the proper way. This is what's loaded on start (shim.dll is the module I'm developing):

shim.dll msvcp110d.dll msvcr110d.dll libldap_r.dll liblber.dll nspr4.dll plc4.dll ssl3.dll nss3.dll winmm.dll nssutil3.dll plds4.dll winmmbase.dll cfgmgr32.dll devobj.dll softokn3.dll sqlite3.dll nssdbm3.dll freebl3.dll

But when I shut down, this is what's unloaded:

nss3.dll ssl3.dll liblber.dll libldap_r.dll msvcp110d.dll shim.dll

I haven't checked what's unloaded on Linux but I have the same problem after a restart so I guess it looks the same.

> Why do you bother to unload the library if you're just going to need to load it again later?

Problem is that my module is built using an API from a service. It must support start, stop and restart. I load libldap_r and liblber with dlopen (or LoadLibrary on Windows) and don't unload until I have to.

>> I looked at the ldapsearch example provided, in common.c, and noticed a call to ldap_pvt_tls_destroy. I tried that but it doesn't make any difference.
>> I've compiled OpenLDAP to use Mozilla NSS.
>
> RedHat supports the MozNSS code, ask them for suggestions.

Thanks for the tip, I will.

-- Tobias

openldap-technical@openldap.org
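
The point made in the thread, that a shared library stays loaded while anything else in the process still holds a reference to it, can be checked on Linux with `dlopen(..., RTLD_NOLOAD)` and `/proc/self/maps`. The C program below is an added example, not code from the thread or from OpenLDAP; it assumes Linux with glibc, the helper names `is_resident`, `count_mappings` and `resident_after_one_close` are hypothetical, and `libm.so.6` is only a sample library.

```c
#include <dlfcn.h>
#include <stdio.h>
#include <string.h>

/* Assumes Linux with glibc. Returns 1 if soname is loaded in this process.
 * RTLD_NOLOAD never loads anything; it only finds an already-resident object. */
int is_resident(const char *soname)
{
    void *h = dlopen(soname, RTLD_LAZY | RTLD_NOLOAD);
    if (h == NULL)
        return 0;
    dlclose(h);                 /* drop the reference the probe took */
    return 1;
}

/* Number of /proc/self/maps lines mentioning needle, or -1 on error. */
int count_mappings(const char *needle)
{
    char line[8192];
    int hits = 0;
    FILE *f = fopen("/proc/self/maps", "r");
    if (f == NULL)
        return -1;
    while (fgets(line, sizeof line, f) != NULL)
        hits += strstr(line, needle) != NULL;
    fclose(f);
    return hits;
}

/* Hold soname twice, release once: 1 = still loaded, -1 = load failed. */
int resident_after_one_close(const char *soname)
{
    void *mine = dlopen(soname, RTLD_NOW);
    void *other = dlopen(soname, RTLD_NOW);   /* stands in for a second holder */
    int resident = -1;
    if (mine != NULL)
        dlclose(mine);                        /* the module's "stop" */
    if (other != NULL) {
        resident = is_resident(soname);
        dlclose(other);
    }
    return resident;
}

int main(void)
{
    printf("one close: %d\n", resident_after_one_close("libm.so.6")); /* sample lib */
    printf("all closed: %d\n", is_resident("libm.so.6"));
    return 0;
}
```

On glibc older than 2.34, link with `-ldl`. Calling `count_mappings` with the TLS library's file name after the module's stop path has run shows whether that library is still mapped before the next start.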