Cyrus + LDAP = death by 13

Roland Felnhofer roland.felnhofer at chello.at
Mon Mar 12 07:08:33 EST 2007


Dear all,

"Distro":	Linux From Scratch 6.1.1 + Beyond Linux From Scratch 6.1 +
different packages from source (not in BLFS)
HW:		2 CPU Pentium III (Katmai)

saslauthd 	2.1.22	(/usr/sbin/saslauthd -a ldap)
cyrus-imapd	2.3.7	(tested 2.2.12 as well)
OpenLDAP 	2.3.34	(tested 2.2.24 as well)
NSS		2.3.4	(=Glibc 2.3.4)

NOT working with nss_ldap 246 to nss_ldap 255

Best regards
Roland




Distro FC6 for x64, OpenLDAP 2.3.27/SASL 2.1.22/Cyrus IMAP 2.3.7/NSS
3.11.5-0.6.1

All standard Redhat RPMs.

> -----Original Message-----
> From: Konstantin V. Gavrilenko [mailto:mlists at arhont.com]
> Sent: 11 March 2007 22:15
> To: guus.leeuw at guusleeuwit.com
> Cc: info-cyrus at lists.andrew.cmu.edu
> Subject: Re: Cyrus + LDAP = death by 13
>
> Some more nss_ldap testing results.
>
> nss_ldap-255    NOT working
> nss_ldap-254    NOT working
> nss_ldap-253    NOT working
> nss_ldap-252    NOT working
> nss_ldap-251    NOT working
> nss_ldap-250    NOT working
> nss_ldap-249    NOT working
> nss_ldap-248    NOT working
> nss_ldap-247    - not tested -
> nss_ldap-246    NOT working    (SuSE source RPM)
> nss_ldap-245    !! could not find source !!
> nss_ldap-244    WORKING
> nss_ldap-243    - not tested -
> nss_ldap-242    - not tested -
> nss_ldap-241    - not tested -
> nss_ldap-240    WORKING
>
>
>
> Guus, can you say what distro you using and what architecture you've
> compiled it for? Since I have no problem on amd64, but on x86 it
> exists.
>
>
> yours,
> kos
>
>
> Respectfully,
> Konstantin V. Gavrilenko
>
> Managing Director
> Arhont Ltd - Information Security
>
> web:    http://www.arhont.com
> 	http://www.wi-foo.com
> e-mail: k.gavrilenko at arhont.com
>
> tel: +44 (0) 870 44 31337
> fax: +44 (0) 117 969 0141
>
> PGP: Key ID - 0xE81824F4
> PGP: Server - keyserver.pgp.com
>
>
> Guus Leeuw jr. wrote:
> > Chaps,
> >
> > nss_ldap-253 WORKING (As in I never saw the problem you described
> earlier)
> >
> > Guus
> >
> >> -----Original Message-----
> >> From: info-cyrus-bounces at lists.andrew.cmu.edu [mailto:info-cyrus-
> >> bounces at lists.andrew.cmu.edu] On Behalf Of Konstantin V. Gavrilenko
> >> Sent: 06 March 2007 23:42
> >> To: info-cyrus at lists.andrew.cmu.edu
> >> Cc: roland.felnhofer at chello.at
> >> Subject: Re: Cyrus + LDAP = death by 13
> >>
> >> Hi list,
> >>
> >> Been in contact with  Roland Felnhofer, who also experiences the
> same
> >> problem. He narrowed it down to the version of nss_ldap in use.
> >>
> >> Here is the list of different versions of nss_ldap and how it
> affects
> >> the cyrus operations.
> >>
> >> nss_ldap-248    NOT working
> >> nss_ldap-247    - not tested -
> >> nss_ldap-246    NOT working    (SuSE source RPM)
> >> nss_ldap-245    !! could not find source !!
> >> nss_ldap-244    WORKING
> >> nss_ldap-243    - not tested -
> >> nss_ldap-242    - not tested -
> >> nss_ldap-241    - not tested -
> >> nss_ldap-240    WORKING
> >>
> >> Maybe it will be helpful to someone.
> >>
> >>
> >>
> >> Respectfully,
> >> Konstantin V. Gavrilenko
> >>
> >> Managing Director
> >> Arhont Ltd - Information Security
> >>
> >> web:    http://www.arhont.com
> >> 	http://www.wi-foo.com
> >> e-mail: k.gavrilenko at arhont.com
> >>
> >> tel: +44 (0) 870 44 31337
> >> fax: +44 (0) 117 969 0141
> >>
> >> PGP: Key ID - 0xE81824F4
> >> PGP: Server - keyserver.pgp.com
> >>
> >>
> >> Konstantin V. Gavrilenko wrote:
> >>> Hi list,
> >>>
> >>> I have a problem with my cyrus server that I managed to track to
> the
> >>> presence of the LDAP on the system.
> >>>
> >>> The user and group information is obtained form the LDAP server.
> >>> When this functionality is enabled, when I start cyrus I get the
> >>> following error:
> >>>
> >>>
> >>> Feb 12 14:58:12 pingo master[22999]: about to exec
> >> /usr/lib/cyrus/idled
> >>> Feb 12 14:58:12 pingo master[22963]: ready for work
> >>> Feb 12 14:58:12 pingo master[22963]: process 23054 exited, signaled
> >> to
> >>> death by 13
> >>> Feb 12 14:58:12 pingo master[22963]: process 23055 exited, signaled
> >> to
> >>> death by 13
> >>> Feb 12 14:58:12 pingo master[22963]: process 23056 exited, signaled
> >> to
> >>> death by 13
> >>> Feb 12 14:58:14 pingo master[22963]: process 23057 exited, signaled
> >> to
> >>> death by 13
> >>> Feb 12 14:58:14 pingo master[22963]: service imaps pid 23057 in
> READY
> >>>
> >>> If I change the nssswitch.conf to obtain the group information from
> >>> files, cyrus starts up fine.
> >>>
> >>> passwd:         files ldap
> >>> #group:          files ldap
> >>> group:          files
> >>>
> >>>
> >>> When I shut down ldap server, leave the nsswitch.conf to obtain the
> >> info
> >>> from "files ldap" and start cyrus, I get the following error for
> some
> >>> time, and them cyrus starts up normally.
> >>>
> >>> Feb 12 15:13:07 pingo master[32551]: retrying with 1024 (current
> max)
> >>> Feb 12 15:13:07 pingo master[32551]: process started
> >>> Feb 12 15:13:07 pingo master[32554]: nss_ldap: failed to bind to
> LDAP
> >>> server ldaps://localhost/: Can't contact LDAP server
> >>> Feb 12 15:13:07 pingo master[32554]: nss_ldap: failed to bind to
> LDAP
> >>> server ldaps://localhost/: Can't contact LDAP server
> >>> Feb 12 15:13:07 pingo master[32554]: nss_ldap: reconnecting to LDAP
> >>> server (sleeping 1 seconds)...
> >>> Feb 12 15:13:08 pingo master[32554]: nss_ldap: failed to bind to
> LDAP
> >>> server ldaps://localhost/: Can't contact LDAP server
> >>> Feb 12 15:13:08 pingo master[32554]: nss_ldap: reconnecting to LDAP
> >>> server (sleeping 2 seconds)...
> >>>
> >>> In both of last cases, I can turn on ldap after the cyrus has
> >> started,
> >>> and it does not affect its later functionality and works fine.
> >>>
> >>> What can be the problem of initial start up of cyrus and signaled
> to
> >>> death by 13 (broken pipe) ? Has anyone experienced the same problem
> ?
> >>>
> >>>
> >> --
> >> Respectfully,
> >> Konstantin V. Gavrilenko
> >>
> >> Managing Director
> >> Arhont Ltd - Information Security
> >>
> >> web:    http://www.arhont.com
> >> 	http://www.wi-foo.com
> >> e-mail: k.gavrilenko at arhont.com
> >>
> >> tel: +44 (0) 870 44 31337
> >> fax: +44 (0) 117 969 0141
> >>
> >> PGP: Key ID - 0xE81824F4
> >> PGP: Server - keyserver.pgp.com
> >> ----
> >> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
> >> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
> >> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
> >>
> >>
> >> --
> >> No virus found in this incoming message.
> >> Checked by AVG.
> >> Version: 7.5.447 / Virus Database: 268.18.7/711 - Release Date:
> >> 05/03/2007 09:41
> >>
> >
>
> --
> Respectfully,
> Konstantin V. Gavrilenko
>
> Managing Director
> Arhont Ltd - Information Security
>
> web:    http://www.arhont.com
> 	http://www.wi-foo.com
> e-mail: k.gavrilenko at arhont.com
>
> tel: +44 (0) 870 44 31337
> fax: +44 (0) 117 969 0141
>
> PGP: Key ID - 0xE81824F4
> PGP: Server - keyserver.pgp.com
>
>
> --
> No virus found in this incoming message.
> Checked by AVG.
> Version: 7.5.447 / Virus Database: 268.18.8/717 - Release Date:
> 10/03/2007 14:25
>

--
No virus found in this outgoing message.
Checked by AVG.
Version: 7.5.447 / Virus Database: 268.18.8/717 - Release Date: 10/03/2007
14:25


----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html





More information about the Info-cyrus mailing list