[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ldap problem



On Mon, Jun 27, 2005 at 04:29:15PM -0400, jrollins@phys.columbia.edu wrote:
> Have you tried looking at the auth.log?  Maybe that will give you some hint.
> I've found that pam is very good about outputting stuff to the auth.log.  I was
> able to debug one problem from looking at the auth.log and seeing that pam
> couldn't contact the ldap server because the permissions on my libnss-ldap.conf
> file accidentally had the wrong mode.

Hi Jamie,

I believe I found it.  In /etc/libnss-ldap.conf I changed this:

   uri ldaps://myserver

to this:

   uri ldap://myserver

Then the hang disappeared.  Debugging ssh further I came across this
partial backtrace:

#0  0x00002aaaab692a32 in __read_nocancel () from /lib/libpthread.so.0
#1  0x00002aaaabf8c13f in sb_stream_read (sbiod=0x579900, buf=0x5b47f0, len=5) at /tmp/openldap2-2.1.30/libraries/liblber/sockbuf.c:490
#2  0x00002aaaabf8caf8 in sb_debug_read (sbiod=0x5b3640, buf=0x5b47f0, len=5) at /tmp/openldap2-2.1.30/libraries/liblber/sockbuf.c:816
#3  0x00002aaaabe6dd8b in sb_tls_bio_read (b=0x5b3940, buf=0x5b47f0, len=5) at tls.c:758
#4  0x00002aaaac1c8d15 in _gnutls_read (session=0x5b1350, iptr=0x5b47f0, sizeOfPtr=5, flags=0) at gnutls_buffers.c:219
#5  0x00002aaaac1c792c in _gnutls_io_read_buffered (session=0x5b1350, iptr=0x7fffffffef10, sizeOfPtr=5, recv_type=4294967295) at gnutls_buffers.c:408
#6  0x00002aaaac1c58eb in _gnutls_recv_int (session=0x5b1350, type=GNUTLS_ALERT, htype=4294967295, data=0x0, sizeofdata=0) at gnutls_record.c:680
#7  0x00002aaaac1c532f in gnutls_bye (session=0x5b1350, how=GNUTLS_SHUT_RDWR) at gnutls_record.c:197
#8  0x00002aaaabe708e4 in gnutls_SSL_shutdown (ssl=0x5b35f0) at gnutls.c:720
#9  0x00002aaaabe6d9ef in sb_tls_close (sbiod=0x5b3910) at tls.c:629
#10 0x00002aaaabf8bdf1 in ber_int_sb_close (sb=0x5773b0) at /tmp/openldap2-2.1.30/libraries/liblber/sockbuf.c:363
#11 0x00002aaaabf8b417 in ber_sockbuf_free (sb=0x5773b0) at /tmp/openldap2-2.1.30/libraries/liblber/sockbuf.c:67
#12 0x00002aaaabe521bc in ldap_ld_free (ld=0x577510, close=0, sctrls=0x0, cctrls=0x0) at unbind.c:159

I googled some more and found some users who have had similar problems
with gnutls_bye() in libgnutls.  I even saw a posting saying that it
works in i386, but not amd64.

The function appears to be trying to shutdown its ssl connection, but
it is waiting for something before it completes.  Unfortunately I
don't know how to fix it.  I'll file a bug report.

-- 
Sincerely,
Matt Dunford
Unix Systems Administrator
DOE Joint Genome Institute
url:   http://www.jgi.doe.gov
email: madunford@lbl.gov
phone: 925-296-5844



Reply to: