Mike wrote:
I seem to be spending quite a bit of time here :) I'm either a terrible
programmer or the world's greatest tester.
My latest issue is with SASL binds. Everything works fine when it's
just me running my apps. But when other people start running at the
same time, the server starts rejecting *most* of the SASL binds. By
most, I mean it seems only a single user can successfully SASL bind
99.9% of the time, and there's no pattern.
What SASL mechanism are you using? Digest MD5? CRAM MD5? Kerberos?
If Kerberos, are you using encryption or just authentication? Are you
using the Mozilla C SDK? What version?
I was tailing the access log file for the server (Sun ONE directory
server 5.2, patch 4) and noticed when one of us gets booted, the server
prints error code B1 (instead of U1, which is printed for the successful
binds). Looking at Sun's website, it says error code B1 means the BER
request was either corrupt or too long. Has anyone seen this before or
know why the request would be corrupt? It seems weird since some of the
binds go through, and it's only when multiple users start running that
it prints this B1 error code.
You might want to try something like ethereal or tcpdump to trace the
TCP traffic between your client and the DS. Or turn up the log level on
the DS e.g. nsslapd-errorlog-level: 1 or so.
I've posted this to Sun's tech support forum and been in contact with
their tech support (since I originally suspected a server problem), but
now I'm thinking the BER encoding for the SASL bind is not correct.
There's some settings I'm gonna tweak on the server to try and remedy
the problem, but in the meantime I figured one more post here wouldn't
hurt.
Thanks, Mike
_______________________________________________
dev-tech-ldap mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-ldap
