ldap/servers/plugins/dna/dna.c | 3 ++-
ldap/servers/slapd/ldaputil.c | 33 +++++++++++++++++++++++----------
2 files changed, 25 insertions(+), 11 deletions(-)
New commits:
commit 7bbce966e820bdb160aff749387593b69679dbdc
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Wed Jan 18 11:01:35 2012 -0700
Ticket #12 - 389 DS DNA Plugin / Replication failing on GSSAPI
https://fedorahosted.org/389/ticket/12
Resolves: Ticket #12
Bug Description: 389 DS DNA Plugin / Replication failing on GSSAPI
Reviewed by: nhosoi (Thanks!)
Branch: master
Fix Description: The problem is due to timeout. The default DNA range request
timeout is 10ms, which is far too short in WAN environments. The fix is
twofold:
1) make the default DNA range request timeout 10 minutes, the same as the
default replication timeout
2) openldap uses errno to report the timeout, so be sure to print the errno
and message when we get connection/bind failures.
Platforms tested: RHEL6 x86_64
Flag Day: no
Doc impact: no
diff --git a/ldap/servers/plugins/dna/dna.c b/ldap/servers/plugins/dna/dna.c
index 32b6d11..2c7876f 100644
--- a/ldap/servers/plugins/dna/dna.c
+++ b/ldap/servers/plugins/dna/dna.c
@@ -74,7 +74,8 @@
#define DNA_FAILURE -1
/* Default range request timeout */
-#define DNA_DEFAULT_TIMEOUT 10
+/* use the default replication timeout */
+#define DNA_DEFAULT_TIMEOUT 600 * 1000 /* 600 seconds in milliseconds */
/**
* DNA config types
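Review bot: The new `DNA_DEFAULT_TIMEOUT` expands to the unparenthesized expression `600 * 1000`, so any use next to an operator of equal or higher precedence (a division or modulo, for example) would evaluate differently than intended; write `#define DNA_DEFAULT_TIMEOUT (600 * 1000) /* 600 seconds in milliseconds */`. Raising the default from 10 ms to 10 minutes also means an unresponsive peer can presumably hold a range request open for that long. The code that consumes the timeout is outside this hunk, so it is worth confirming that the wait does not tie up a shared worker thread and that the value remains configurable per deployment.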
diff --git a/ldap/servers/slapd/ldaputil.c b/ldap/servers/slapd/ldaputil.c
index c4cec12..7901432 100644
--- a/ldap/servers/slapd/ldaputil.c
+++ b/ldap/servers/slapd/ldaputil.c
@@ -987,8 +987,8 @@ slapi_ldap_bind(
if (LDAP_SUCCESS != rc) {
slapi_log_error(SLAPI_LOG_FATAL, "slapi_ldap_bind",
"Error: could not send startTLS request: "
- "error %d (%s)\n",
- rc, ldap_err2string(rc));
+ "error %d (%s) errno %d (%s)\n",
+ rc, ldap_err2string(rc), errno, slapd_system_strerror(errno));
goto done;
}
slapi_log_error(SLAPI_LOG_SHELL, "slapi_ldap_bind",
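Review bot: `errno` is read inside the argument list of `slapi_log_error`, after other library calls may have run, so the value logged need not belong to the failing LDAP call. Here `ldap_err2string(rc)` sits in the same argument list, where evaluation order is unspecified, and in the hunks at 1026, 1064 and 1407 `slapi_ldap_get_lderrno()` is called between the failure and the log line. Save the value first with `int myerrno = errno;` directly after the call that failed (above this hunk), then log `myerrno, slapd_system_strerror(myerrno)`; the same applies to the hunk at 1050. `errno` is also only meaningful when the failure came from a system call, so a stale value printed beside an unrelated LDAP error can mislead whoever triages a bind failure from the log; clearing it before the call and printing it only when non-zero would avoid that. slapi_ldap_bind starts and ends outside these hunks.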
@@ -1026,10 +1026,10 @@ slapi_ldap_bind(
rc = slapi_ldap_get_lderrno(ld, NULL, NULL);
slapi_log_error(SLAPI_LOG_FATAL, "slapi_ldap_bind",
"Error reading bind response for id "
- "[%s] mech [%s]: error %d (%s)\n",
+ "[%s] mech [%s]: error %d (%s) errno %d (%s)\n",
bindid ? bindid : "(anon)",
mech ? mech : "SIMPLE",
- rc, ldap_err2string(rc));
+ rc, ldap_err2string(rc), errno, slapd_system_strerror(errno));
goto done;
} else if (rc == 0) { /* timeout */
rc = LDAP_TIMEOUT;
@@ -1050,10 +1050,10 @@ slapi_ldap_bind(
0)) != LDAP_SUCCESS) {
slapi_log_error(SLAPI_LOG_FATAL, "slapi_ldap_bind",
"Error: could not bind id "
- "[%s] mech [%s]: error %d (%s)\n",
+ "[%s] mech [%s]: error %d (%s) errno %d (%s)\n",
bindid ? bindid : "(anon)",
mech ? mech : "SIMPLE",
- rc, ldap_err2string(rc));
+ rc, ldap_err2string(rc), errno, slapd_system_strerror(errno));
goto done;
}
}
@@ -1064,10 +1064,10 @@ slapi_ldap_bind(
rc = slapi_ldap_get_lderrno(ld, NULL, NULL);
slapi_log_error(SLAPI_LOG_FATAL, "slapi_ldap_bind",
"Error: could not read bind results for id "
- "[%s] mech [%s]: error %d (%s)\n",
+ "[%s] mech [%s]: error %d (%s) errno %d (%s)\n",
bindid ? bindid : "(anon)",
mech ? mech : "SIMPLE",
- rc, ldap_err2string(rc));
+ rc, ldap_err2string(rc), errno, slapd_system_strerror(errno));
goto done;
}
}
@@ -1407,10 +1407,12 @@ slapd_ldap_sasl_interactive_bind(
rc = slapi_ldap_get_lderrno(ld, NULL, &errmsg);
slapi_log_error(SLAPI_LOG_FATAL,
"slapd_ldap_sasl_interactive_bind",
"Error: could not perform interactive bind for id
"
- "[%s] mech [%s]: error %d (%s) (%s)\n",
+ "[%s] mech [%s]: LDAP error %d (%s) (%s) "
+ "errno %d (%s)\n",
bindid ? bindid : "(anon)",
mech ? mech : "SIMPLE",
- rc, ldap_err2string(rc), errmsg);
+ rc, ldap_err2string(rc), errmsg,
+ errno, slapd_system_strerror(errno));
if (can_retry_bind(ld, mech, bindid, creds, rc, errmsg)) {
; /* pass through to retry one time */
} else {
commit 6aaeb772203bf1283eac51bb3d3219b57fff3d57
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Mon Dec 19 09:17:54 2011 -0700
add a hack to disable sasl hostname canonicalization - helps with testing when you
don't want to set up correct host name resolution and/or cannot set the default system
hostname
Reviewed by: nhosoi (Thanks!)
diff --git a/ldap/servers/slapd/ldaputil.c b/ldap/servers/slapd/ldaputil.c
index 34aa12e..c4cec12 100644
--- a/ldap/servers/slapd/ldaputil.c
+++ b/ldap/servers/slapd/ldaputil.c
@@ -726,6 +726,17 @@ slapi_ldap_init_ext(
/* must explicitly set version to 3 */
ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &ldap_version3);
+#if defined(USE_OPENLDAP)
+ if (getenv("HACK_SASL_NOCANON")) {
+ /* the NONCANON flag tells openldap to use the hostname specified in
+ the ldap_initialize command, rather than looking up the
+ hostname using gethostname or similar - this allows running
+ sasl/gssapi tests on machines that don't have a canonical
+ hostname (such as localhost.localdomain)
+ */
+ ldap_set_option(ld, LDAP_OPT_X_SASL_NOCANON, LDAP_OPT_ON);
+ }
+#endif /* !USE_OPENLDAP */
/* Update snmp interaction table */
if (hostname) {
if (ld == NULL) {
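Review bot: The `getenv("HACK_SASL_NOCANON")` switch is compiled into every OpenLDAP build and turns on for any value of the variable, including empty or `0`, with nothing written to the log, so a server whose environment happens to carry it silently changes how the SASL host name (and presumably the GSSAPI service principal) is chosen for every outgoing connection. Log when the hack is active, e.g. `slapi_log_error(SLAPI_LOG_FATAL, "slapi_ldap_init_ext", "HACK_SASL_NOCANON set: SASL host name canonicalization disabled\n");`, or restrict it to debug builds. The `if (ld == NULL)` test a few lines below suggests `ld` can still be NULL at this point, and with OpenLDAP a NULL handle passed to `ldap_set_option` changes the library-wide default, so guard the call with `ld != NULL`. Two comment slips: `NONCANON` should read `NOCANON`, and the closing `#endif /* !USE_OPENLDAP */` should be `#endif /* USE_OPENLDAP */`. slapi_ldap_init_ext continues outside the hunk.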