On Fri, 2012-01-27 at 13:22 -0500, Rob Crittenden wrote:
> Martin Kosek wrote:
> > On Thu, 2012-01-26 at 16:37 -0500, Rob Crittenden wrote:
> >> In our installer LDAP library (also used by replication tools) we handle
> >> the case where the remote server hasn't started yet (wait_on_bind). What
> >> this doesn't handle is if the connection fails with SERVER_DOWN due to a
> >> TLS failure like hostname doesn't match the remote cert.
> >>
> >> Binding anyway causes a segfault in openldap.
> >>
> >> I've opened a bug against openldap, it shouldn't segfault. I also added
> >> this patch as a workaround.
> >>
> >> rob
> >
> > I wasn't able to reproduce the crash yet, but it seems that your patch
> > corrupts the error messages.
> >
> > Instead of standard error like:
> > # ipa-replica-manage del vm-xxx
> > Unable to delete replica vm-xxx: {'desc': "Can't contact LDAP server"}
> >
> > I get those (after I applied your patch):
> > # ipa-replica-manage del vm-xxx
> > Unable to delete replica vm-xxx: 'info'
> > # ipa-replica-manage del vm-142
> > Unable to delete replica vm-142: 'info'
> > # ipa-replica-manage force-sync --from=vm-xxx
> > unexpected error: 'info'
> > # ipa-replica-manage force-sync --from=vm-142
> > unexpected error: 'info'
>
> I had run into the same problem last night but forgot to send out an
> updated patch. Attached.
>
> rob

Yes, now the error messages are OK.

ACK. Pushed to master, ipa-2-2.

Martin