[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#600458: unblock: nss-pam-ldapd/0.7.11

On Sun, 2010-10-17 at 13:11 +0200, Philipp Kern wrote:
> On Sun, Oct 17, 2010 at 12:54:05PM +0200, Arthur de Jong wrote:
> > I have another pending change that fixes a problem when nslcd would hang
> > under certain  circumstances (using TLS and seeing a certain type of
> > network problem during a search). This change is a little larger and was
> > the result of missing a last part of #596983.
> > 
> > It involves setting a timeout on the socket when closing the connection
> > and ensuring that in all places that the connection is closed the same
> > function is executed. It is a workaround for a bug in OpenLDAP when used
> > with GnuTLS. The relevant change can be seen here:
> >   http://arthurdejong.org/viewvc/nss-pam-ldapd/nss-pam-ldapd/nslcd/myldap.c?r1=1276&r2=1275&pathrev=1276
> > (except the changes from line 690 onwards because they are specific to
> > changes in the trunk)
> > 
> > Do you want me to prepare an upload to unstable with the above change?
> Two issues in one bug report is a bit annoying.  Please let the above
> version migrate first.

Since 0.7.11 migrated to testing I've uploaded a version 0.7.12 to
unstable that fixes the remaining disconnect problems.

> Workarounds like these are really hard to judge IMHO.  But as the line 690+
> changes are irrelevant you can go ahead.

The diff should be minimal. Only the first part of the diff (to nslcd.c)
applies the actual timeout setting and only just before closing the
connection. When that code hits no useful data should be sent over the
connection anyway.

The other changes just replace the call to ldap_unbind() with a call to
do_close() which ensures that unbinds are done the same way in every

If you need more background feel free to ask.

Thanks for your work.

-- arthur - adejong@debian.org - http://people.debian.org/~adejong --

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: