On Friday 15 October 2010 14:02:27 Howard Chu wrote: > Howard Chu wrote: > > Ralf Haferkamp wrote: [..] > >>> Please review and comment, thanks. > >> > >> It seems that SASL/GSSAPI binds broke somehow. At least for me > >> ldapsearch from current HEAD hangs in ldap_int_select(). I have > >> 2.4.23 > > > >> on the server side. Here is the end of ldapsearch's debug output: > > Thanks, I suspected that might happen. I only tested DIGEST-MD5 and > > EXTERNAL so far. Will look into it shortly. > > All working for me now. Same here. Thanks. > > Looking at it again, it strikes me that perhaps this restructuring > > was an exercise in futility. The ldap_host_connected_to() function > > can block doing a DNS lookup, and also the GSSAPI mechanism can > > block while obtaining a service ticket. (In addition to any > > blocking during ldap_pvt_sasl_getmechs()...) As such, it would need > > a lot more work to make it fully asynchronous. We could create the > > infrastructure needed to make ldap_host_connected_to() and > > ldap_pvt_sasl_getmechs() fully asynch, but we have no such control > > over the SASL mechanisms. > > Still dunno what to do with this. Is it better than nothing? I'd think so, yes. AFAIK we do have similar issues with StartTLS as well, don't we. Ok, ldap_start_tls() seems to completely async, but one needs to call ldap_install_tls() after that, and that again might block somewhere in the underlying openssl/gnutls/moznss libraries.
Ralf -- SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
