Cyrus + LDAP = death by 13

Roland Felnhofer roland.felnhofer at chello.at
Mon Mar 12 07:58:24 EST 2007


Hi Kos,

maybe I found the underlaying problem!!!

 # Connection policy:
 #  persist:   DSA connections are kept open (default)
 #  oneshot:   DSA connections destroyed after request
+nss_connect_policy oneshot
-#nss_connect_policy persist

I set 'nss_connect_policy' to oneshot and Cyrus IMAP starts without
problems  (so far - I'll run further test) !!!

I saw in the ldap.log that if I did a 'ls -all' over a directory the ldap
chat terminated (successfully - but nonetheless) with the following lines_

Mar 12 13:34:50 roka2 slapd[2942]: conn=449 op=4 SEARCH RESULT tag=101
err=0 nentries=1 text=
Mar 12 13:34:50 roka2 slapd[2942]: conn=449 fd=42 closed (connection lost)

I changed to and the chat ended with the following lines:
Mar 12 13:52:50 roka2 slapd[2942]: conn=511 op=1 SEARCH RESULT tag=101
err=0 nentries=1 text=
Mar 12 13:52:50 roka2 slapd[2942]: conn=511 op=2 UNBIND
Mar 12 13:52:50 roka2 slapd[2942]: conn=511 fd=42 closed


Where when I did a ldapsearch uid=whateveraccount it terminated with the
following lines:

Mar 12 13:55:53 roka2 slapd[2942]: conn=521 op=1 SEARCH RESULT tag=101
err=0 nentries=1 text=
Mar 12 13:55:53 roka2 slapd[2942]: conn=521 op=2 UNBIND
Mar 12 13:55:53 roka2 slapd[2942]: conn=521 fd=44 closed


I was irritated by 'closed (connection lost)'. 'Connection lost' does not
look like a clean termination of a communication.

Best regards
Roland


Some more nss_ldap testing results.

nss_ldap-255    NOT working
nss_ldap-254    NOT working
nss_ldap-253    NOT working
nss_ldap-252    NOT working
nss_ldap-251    NOT working
nss_ldap-250    NOT working
nss_ldap-249    NOT working
nss_ldap-248    NOT working
nss_ldap-247    - not tested -
nss_ldap-246    NOT working    (SuSE source RPM)
nss_ldap-245    !! could not find source !!
nss_ldap-244    WORKING
nss_ldap-243    - not tested -
nss_ldap-242    - not tested -
nss_ldap-241    - not tested -
nss_ldap-240    WORKING



Guus, can you say what distro you using and what architecture you've
compiled it for? Since I have no problem on amd64, but on x86 it exists.


yours,
kos


Respectfully,
Konstantin V. Gavrilenko

Managing Director
Arhont Ltd - Information Security

web:    http://www.arhont.com
	http://www.wi-foo.com
e-mail: k.gavrilenko at arhont.com

tel: +44 (0) 870 44 31337
fax: +44 (0) 117 969 0141

PGP: Key ID - 0xE81824F4
PGP: Server - keyserver.pgp.com


Guus Leeuw jr. wrote:




More information about the Info-cyrus mailing list