[389-users] sasl_io_start_packet: failed - read only 3 bytes of 4

Edward Z. Yang ezyang at MIT.EDU
Mon Sep 27 14:06:38 UTC 2010 

We also have some old servers lying around, and we've seen some
interesting differences doing replication between them and the new
servers (I didn't report them initially because I assume a heterogenous
LDAP master deployment is not... really supported.)  But this information
might be helpful for debugging.

New version is: 1.2.6 B2010.238.2133, old version is: 1.2.5 B2010.012.2024

* Incremental replication from new to old fails, with

[23/Sep/2010:18:42:57 -0400] NSMMReplicationPlugin - agmt="cn=GSSAPI Replication to real-mccoy.mit.edu" (real-mccoy:389): Unable to parse the response to the startReplication extended operation. Replication is aborting.

* Incremental replication from old to new, old to old and new to new succeeds

* Total update from old to new and old to old succeeds

* Total update from new to new fails with the aforementioned bug

* Total update from new to old is untested

If you would like us to rebuild fedora-389-ds with the corresponding source
patched to read properly, we can do that.

Edward

Excerpts from Edward Z. Yang's message of Sun Sep 26 15:13:13 -0400 2010:
> Hello all,
> 
> We're running into this error message on a full update between two
> dirsrvs of version:
> 
> 389 Project
> 389-Directory/1.2.6 B2010.238.2133
> 
> The error message is:
> 
> [26/Sep/2010:15:03:35 -0400] - sasl_io_start_packet: failed - read only 3
> bytes of sasl packet length on connection 4
> 
> According to the source code:
> 
> /*
>  * NOTE: A better way to do this would be to read the bytes and add them to·
>  * sp->encrypted_buffer - if offset < 4, tell caller we didn't read enough
>  * bytes yet - if offset >= 4, decode the length and proceed.  However, it
>  * is highly unlikely that a request to read 4 bytes will return < 4 bytes,
>  * perhaps only in error conditions, in which case the ret < 0 case above
>  * will run
>  */
> 
> Uh. Maybe our network is strange, maybe we've run into a different error
> condition, but this seems quite poor...
> 
> Cheers,
> Edward

More information about the 389-users mailing list