Subject: ldapsearch hangs when using ldap for /etc/hosts
Package: ldap-utils
Version: 2.2.23-8
Severity: important
File: /usr/bin/ldapsearch

ldapsearch hangs when host nss information is retrieved from an LDAP
server and a user uses ldapsearch to search a different LDAP server.

The relevant parts of the relevant config files:
  /etc/nsswitch.conf:
    hosts:          files ldap dns
  /etc/libnss-ldap.conf:
    host 10.10.10.10
    base dc=domain,dc=tld
    ldap_version 3
  /etc/hosts:
    10.10.10.10   ldapserver1

When I run ldapsearch with the name of an LDAP server it hangs (searches
on ldapserver1 work as expected):

% ldapsearch -v -h ldapserver2 -D '....' -x -W 'uid=*'
ldap_initialize( ldap://ldapserver2 )
Enter LDAP Password:
*ldapsearch hangs*

(ldapserver2 does not have the address 10.10.10.10 and is not listed
in /etc/hosts)

% strace ldapsearch -v -h ldapserver2 -D '....' -x -W 'uid=*'
[...] 
rt_sigaction(SIGPIPE, {SIG_IGN}, {SIG_IGN}, 8) = 0
geteuid32()                             = 181
futex(0xb7c7aafc, FUTEX_WAKE, 2147483647) = 0
open("/etc/libnss-ldap.conf", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=9108, ...}) = 0
mmap2(NULL, 131072, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7a76000
read(3, "###DEBCONF###\n# the configuratio"..., 131072) = 9108
read(3, "", 131072)                     = 0
close(3)                                = 0
munmap(0xb7a76000, 131072)              = 0
geteuid32()                             = 181
futex(0xb7fd1598, FUTEX_WAIT, 2, NULL

If I substitute the IP address of ldapserver2, ldapsearch produces the
expected results.

It appears that the LDAP library uses some locking mechanism to ensure
that it does not do two requests at the same time. Without looking at
the code, it appears that this lock is acquired before the LDAP server
name lookup is done, which results in a deadlock.

This problem also occurs for any nss lookup if the IP address of
ldapserver1 is not listed in /etc/hosts (even if the IP address is
referenced in libnss-ldap.conf).

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (51, 'testing'), (50, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.11.12
Locale: LANG=en_US, LC_CTYPE=en_GB (charmap=ISO-8859-1)

Versions of packages ldap-utils depends on: 
ii  libc6                       2.3.2.ds1-22 GNU C Library: Shared libraries an
ii  libldap-2.2-7               2.2.23-8     OpenLDAP libraries
ii  libsasl2                    2.1.19-1.5   Authentication abstraction library
ii  libssl0.9.7                 0.9.7e-3     SSL shared libraries

-- 
-- arthur de jong - [EMAIL PROTECTED] - west consulting b.v. --
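
An added example, not part of the original report and not code from ldap-utils or libnss-ldap: a check of whether resolving the host given to ldapsearch would fall through to the ldap NSS source under the configuration quoted above, which is the condition under which the report sees the hang. The function names and the address 192.0.2.20 are constructed for illustration; only the `files` source is evaluated, and any other source listed before `ldap` is assumed to miss.

```python
import ipaddress

# Configuration as quoted in the report.
NSSWITCH = "hosts:          files ldap dns\n"
ETC_HOSTS = "10.10.10.10   ldapserver1\n"


def hosts_sources(nsswitch_text):
    """Return the ordered NSS sources on the 'hosts:' line."""
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("hosts:"):
            # Action items such as [NOTFOUND=return] are dropped: only the
            # order of the sources is modelled here (assumption).
            tokens = line[len("hosts:"):].split()
            return [t for t in tokens if not t.startswith("[")]
    return []


def names_in_hosts_file(hosts_text):
    """Collect every canonical name and alias from /etc/hosts content."""
    names = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        names.update(n.lower() for n in fields[1:])  # fields[0] is the address
    return names


def is_ip_literal(target):
    try:
        ipaddress.ip_address(target)
        return True
    except ValueError:
        return False


def lookup_reaches_ldap(target, nsswitch_text, hosts_text):
    """True if resolving `target` can be handed to the ldap NSS source."""
    if is_ip_literal(target):
        return False  # the report: using the IP address avoids the hang
    sources = hosts_sources(nsswitch_text)
    if "ldap" not in sources:
        return False
    before_ldap = sources[:sources.index("ldap")]
    if "files" in before_ldap and target.lower() in names_in_hosts_file(hosts_text):
        return False  # answered from /etc/hosts, as for ldapserver1
    return True  # conservative: other earlier sources are assumed to miss
```

With the report's files, `ldapserver2` is the only one of the three targets that reaches the ldap source; listing the server in /etc/hosts or moving `ldap` off the `hosts:` line changes the result.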

