Subject: ldapsearch hangs when using ldap for /etc/hosts
Package: ldap-utils
Version: 2.2.23-8
Severity: important
File: /usr/bin/ldapsearch

ldapsearch hangs when host nss information is retrieved from an LDAP server and a user uses ldapsearch to search a different LDAP server.

The relevant parts of the relevant config files:

/etc/nsswitch.conf:
  hosts: files ldap dns

/etc/libnss-ldap.conf:
  host 10.10.10.10
  base dc=domain,dc=tld
  ldap_version 3

/etc/hosts:
  10.10.10.10 ldapserver1

When I run ldapsearch with the name of an LDAP server it hangs (searches on ldapserver1 work as expected):

  % ldapsearch -v -h ldapserver2 -D '....' -x -W 'uid=*'
  ldap_initialize( ldap://ldapserver2 )
  Enter LDAP Password:
  *ldapsearch hangs*

(ldapserver2 does not have the address 10.10.10.10 and is not listed in /etc/hosts)

  % strace ldapsearch -v -h ldapserver2 -D '....' -x -W 'uid=*'
  [...]
  rt_sigaction(SIGPIPE, {SIG_IGN}, {SIG_IGN}, 8) = 0
  geteuid32() = 181
  futex(0xb7c7aafc, FUTEX_WAKE, 2147483647) = 0
  open("/etc/libnss-ldap.conf", O_RDONLY) = 3
  fstat64(3, {st_mode=S_IFREG|0644, st_size=9108, ...}) = 0
  mmap2(NULL, 131072, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7a76000
  read(3, "###DEBCONF###\n# the configuratio"..., 131072) = 9108
  read(3, "", 131072) = 0
  close(3) = 0
  munmap(0xb7a76000, 131072) = 0
  geteuid32() = 181
  futex(0xb7fd1598, FUTEX_WAIT, 2, NULL

If I substitute the IP address of ldapserver2, ldapsearch produces the expected results.

It appears that the LDAP library uses some locking mechanism to ensure that it does not do two requests at the same time. Without looking at the code, it appears that this lock is acquired before the LDAP server name lookup is done, which results in a deadlock.

This problem also occurs for any nss lookup if the IP address of ldapserver1 is not listed in /etc/hosts (even if the IP address is referenced in libnss-ldap.conf).

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (51, 'testing'), (50, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.11.12
Locale: LANG=en_US, LC_CTYPE=en_GB (charmap=ISO-8859-1)

Versions of packages ldap-utils depends on:
ii  libc6          2.3.2.ds1-22  GNU C Library: Shared libraries an
ii  libldap-2.2-7  2.2.23-8      OpenLDAP libraries
ii  libsasl2       2.1.19-1.5    Authentication abstraction library
ii  libssl0.9.7    0.9.7e-3      SSL shared libraries

--
-- arthur de jong - [EMAIL PROTECTED] - west consulting b.v. --
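
Added example, not part of the original report or of any Debian or OpenLDAP code: an offline check of the three config files quoted above that flags names whose resolution would fall through to the ldap NSS source, which is the condition the reporter observed before each hang. The function names are hypothetical, only the `host` directive of libnss-ldap.conf is read, and `files` is the only source evaluated (any other source listed ahead of ldap is assumed to miss).

```python
import re

# Constructed sample input: the three config excerpts quoted in the report.
NSSWITCH = "hosts: files ldap dns\n"
LIBNSS = "host 10.10.10.10\nbase dc=domain,dc=tld\nldap_version 3\n"
HOSTS = "10.10.10.10 ldapserver1\n"

def _fields(text):
    """Yield whitespace-split fields of each line, with '#' comments removed."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].lower().split()
        if fields:
            yield fields

def hosts_sources(nsswitch_text):
    """Ordered sources of the 'hosts:' database, without [STATUS=action] items."""
    for fields in _fields(re.sub(r"\[[^\]]*\]", " ", nsswitch_text)):
        if fields[0] == "hosts:":
            return fields[1:]
    return []

def reaches_ldap(name, nsswitch_text, hosts_text):
    """True if resolving `name` can fall through to the ldap source.

    Only 'files' is evaluated offline; any other source ahead of ldap
    (dns, for instance) is assumed to miss, which is the conservative reading.
    """
    sources = hosts_sources(nsswitch_text)
    if "ldap" not in sources:
        return False
    files_first = "files" in sources and sources.index("files") < sources.index("ldap")
    known = {f for fields in _fields(hosts_text) for f in fields}
    return not (files_first and name.lower() in known)

def audit(nsswitch_text, libnss_text, hosts_text):
    """LDAP servers from the 'host' directive whose own lookup would use ldap."""
    servers = [h for f in _fields(libnss_text) if f[0] == "host" for h in f[1:]]
    return [s for s in servers if reaches_ldap(s, nsswitch_text, hosts_text)]

if __name__ == "__main__":
    for name in ("ldapserver1", "ldapserver2"):
        print(name, "-> ldap source consulted:", reaches_ldap(name, NSSWITCH, HOSTS))
    print("servers resolved via ldap itself:", audit(NSSWITCH, LIBNSS, HOSTS))
```

With the reporter's files, ldapserver2 is flagged and ldapserver1 is not; emptying /etc/hosts makes `audit` return the configured server itself, which matches the second case in the report.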