https://bugs.openldap.org/show_bug.cgi?id=10099

          Issue ID: 10099
           Summary: OpenLDAP version 2.5 & 2.6 causes IP connectivity to
                    break and breaks basic commands like reboot
           Product: OpenLDAP
           Version: 2.5.16
          Hardware: x86_64
                OS: Linux
            Status: UNCONFIRMED
          Keywords: needs_review
          Severity: normal
          Priority: ---
         Component: libraries
          Assignee: b...@openldap.org
          Reporter: amcwonga...@rbbn.com
  Target Milestone: ---

Created attachment 980
  --> https://bugs.openldap.org/attachment.cgi?id=980&action=edit
The package Makefile

I am upgrading OpenLDAP from version 2.4.59 to 2.5.16 and am running into
showstopper issues.

In my environment I am running CLIENT mode only (libldap). 

I have tried 2.5.16 with the following combinations:

OpenSSL versions 1.1.1s and 3.0.8
Kernel versions: 5.4.92, 4.19.192 and 2.6.32

The problems described below ONLY happen when connecting with a domain
controller using LDAPS - they do NOT happen with LDAP (non-secure).

When I use ANY combination that includes kernel version 4 or 5 along with
OpenLDAP 2.5.16, I get random lockups to the point where IP connectivity breaks
into and out of the node. It is also so completely hosed that even issuing
a reboot command from the console completely hangs and does not restart the
node.

The problem happens roughly 50% of the time with OpenLDAP combined with a
version 5 kernel but happens noticeably less frequently with the version 4
kernel.

As soon as I kill the process that invokes the connection with OpenLDAP, the
problem clears up.

I invoke the connection with the following function call:

nReturnCode = ldap_sasl_bind( m_pLD, m_ADBind.GetBindDN(), LDAP_SASL_SIMPLE,
&stPassword, NULL, NULL, &nMsgID);

I use simple auth simply because the entire connection is secured with TLS
anyway, and there is another functional reason which I cannot go into details
on.

OpenLDAP never returns from the ldap_sasl_bind function call. It hangs
somewhere inside the library, but that alone cannot account for the complete
lockup where basic commands like reboot, etc. do not work and where all IP
connectivity breaks. It seems it has to be something with OpenLDAP and the
Linux kernel combined that triggers this issue.


I am hoping that someone who is much more familiar with the libldap part of the
library will pick up on this and be able to determine how to fix this.

As an FYI: I also tried the very first version of 2.5.1 (alpha release) and the
latest 2.6 and the problem happens on those versions as well.

To be clear, the problem does NOT happen if I run OpenLDAP 2.5.16 with Linux
kernel version 2.6.32.

ADDITIONALLY, ALL OpenSSL & kernel combinations work with OpenLDAP version
2.4.59!

I am attaching the package Makefile to this report. Below is the ldap.conf
contents:

TLS_REQCERT       never
TLS_KEY           /tmp/ssl/certs/server.pem
TLS_CERT          /tmp/ssl/certs/server.pem
TLS_PROTOCOL_MIN  3.1
sasl_secprops     maxssf=0
