[Touch-packages] [Bug 1921562] Re: Intermittent hangs during ldap_search_ext when TLS enabled
I've been running 2.4.49+dfsg-2ubuntu1.8 from focal-proposed for the past few days and the issue has not returned. As otherwise the issue would occur at least once per day, I consider it fixed. Furthermore, no other issues have cropped up in the meantime. ** Tags removed: verification-needed-focal ** Tags added: verification-done-focal -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1921562 Title: Intermittent hangs during ldap_search_ext when TLS enabled Status in openldap: Fix Released Status in openldap package in Ubuntu: Fix Released Status in openldap source package in Focal: Fix Committed Status in openldap source package in Groovy: Fix Released Bug description: [Impact] When connecting to an LDAP server with TLS, ldap_search_ext can hang if during the initial TLS handshake a signal is received by the process. The cause of this bug is the same as https://bugs.openldap.org/show_bug.cgi?id=8650. In our case this bug cause failures in the SSSD LDAP backend at least once per day, resulting in authentication errors followed by a sssd_be restart after a timeout has been hit. [Test Plan] === When using openldap on 20.04, this bug causes failures in the SSSD LDAP backend, resulting in authentication errors followed by a sssd_be restart after a timeout has been hit: Mar 19 19:05:31 mail auth[867454]: pam_sss(dovecot:auth): received for user redacted: 4 (System error) Mar 19 19:05:32 mail sssd_be[867455]: Starting up With the patched version, this should no longer be a problem. [Where Problems Could Occur] With this patch applied, there may be few edge cases in (and varying b/w) different versions of GnuTLS. And also some bits that are discussed in https://bugs.openldap.org/show_bug.cgi?id=8650. But that said, the patched version is already being run in production for over two weeks time (at the time of writing - 07/04/21). So I believe the SRU will clearly benefit from this and has lower risk of regression. [More Info] === A reduced version of the patch linked above can be found attached to this bug report. This patch has been applied to version 2.4.49+dfsg- 2ubuntu1.7 and has been running in production for approximately a week and the issue has no longer occurred. No other issues have appeared during this period. To manage notifications about this bug go to: https://bugs.launchpad.net/openldap/+bug/1921562/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1921562] Re: Intermittent hangs during ldap_search_ext when TLS enabled
The bug hasn't returned since I installed the fixed package and no new issues have cropped up. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1921562 Title: Intermittent hangs during ldap_search_ext when TLS enabled Status in openldap: Fix Released Status in openldap package in Ubuntu: Fix Released Status in openldap source package in Focal: In Progress Status in openldap source package in Groovy: Fix Released Bug description: [Impact] When connecting to an LDAP server with TLS, ldap_search_ext can hang if during the initial TLS handshake a signal is received by the process. The cause of this bug is the same as https://bugs.openldap.org/show_bug.cgi?id=8650. In our case this bug cause failures in the SSSD LDAP backend at least once per day, resulting in authentication errors followed by a sssd_be restart after a timeout has been hit. [Test Plan] === When using openldap on 20.04, this bug causes failures in the SSSD LDAP backend, resulting in authentication errors followed by a sssd_be restart after a timeout has been hit: Mar 19 19:05:31 mail auth[867454]: pam_sss(dovecot:auth): received for user redacted: 4 (System error) Mar 19 19:05:32 mail sssd_be[867455]: Starting up With the patched version, this should no longer be a problem. [Where Problems Could Occur] With this patch applied, there may be few edge cases in (and varying b/w) different versions of GnuTLS. And also some bits that are discussed in https://bugs.openldap.org/show_bug.cgi?id=8650. But that said, the patched version is already being run in production for over two weeks time (at the time of writing - 07/04/21). So I believe the SRU will clearly benefit from this and has lower risk of regression. [More Info] === A reduced version of the patch linked above can be found attached to this bug report. This patch has been applied to version 2.4.49+dfsg- 2ubuntu1.7 and has been running in production for approximately a week and the issue has no longer occurred. No other issues have appeared during this period. To manage notifications about this bug go to: https://bugs.launchpad.net/openldap/+bug/1921562/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1921562] Re: Intermittent hangs during ldap_search_ext when TLS enabled
I've deployed the patch, I'll let you know whether it works and if any regressions occur. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1921562 Title: Intermittent hangs during ldap_search_ext when TLS enabled Status in openldap: Fix Released Status in openldap package in Ubuntu: Fix Released Status in openldap source package in Focal: In Progress Status in openldap source package in Groovy: Fix Released Bug description: [Impact] When connecting to an LDAP server with TLS, ldap_search_ext can hang if during the initial TLS handshake a signal is received by the process. The cause of this bug is the same as https://bugs.openldap.org/show_bug.cgi?id=8650. In our case this bug cause failures in the SSSD LDAP backend at least once per day, resulting in authentication errors followed by a sssd_be restart after a timeout has been hit. [Test Plan] === When using openldap on 20.04, this bug causes failures in the SSSD LDAP backend, resulting in authentication errors followed by a sssd_be restart after a timeout has been hit: Mar 19 19:05:31 mail auth[867454]: pam_sss(dovecot:auth): received for user redacted: 4 (System error) Mar 19 19:05:32 mail sssd_be[867455]: Starting up With the patched version, this should no longer be a problem. [Where Problems Could Occur] With this patch applied, there may be few edge cases in (and varying b/w) different versions of GnuTLS. And also some bits that are discussed in https://bugs.openldap.org/show_bug.cgi?id=8650. But that said, the patched version is already being run in production for over two weeks time (at the time of writing - 07/04/21). So I believe the SRU will clearly benefit from this and has lower risk of regression. [More Info] === A reduced version of the patch linked above can be found attached to this bug report. This patch has been applied to version 2.4.49+dfsg- 2ubuntu1.7 and has been running in production for approximately a week and the issue has no longer occurred. No other issues have appeared during this period. To manage notifications about this bug go to: https://bugs.launchpad.net/openldap/+bug/1921562/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1921562] Re: Intermittent hangs during ldap_search_ext when TLS enabled
Just to be sure, is there anything that I would need to do in order to have the bugfix applied in a new openldap release for Ubuntu 20.04? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1921562 Title: Intermittent hangs during ldap_search_ext when TLS enabled Status in openldap: Fix Released Status in openldap package in Ubuntu: Confirmed Bug description: When connecting to an LDAP server with TLS, ldap_search_ext can hang if during the initial TLS handshake a signal is received by the process. The cause of this bug is the same as https://bugs.openldap.org/show_bug.cgi?id=8650 which was fixed in https://git.openldap.org/openldap/openldap/-/commit/735e1ab and was released as part of version 2.4.50. This bug effects Ubuntu 20.04 LTS and potentially earlier Ubuntu releases. Later Ubuntu releases use an openldap version that is at least 2.4.50 and are therefore not affected. In our case this bug cause failures in the SSSD LDAP backend at least once per day, resulting in authentication errors followed by a sssd_be restart after a timeout has been hit: Mar 19 19:05:31 mail auth[867454]: pam_sss(dovecot:auth): received for user redacted: 4 (System error) Mar 19 19:05:32 mail sssd_be[867455]: Starting up A reduced version of the patch linked above can be found attached to this bug report. This patch has been applied to version 2.4.49+dfsg- 2ubuntu1.7 and has been running in production for approximately a week and the issue has no longer occurred. No other issues have appeared during this period. As this bug affects all systems using LDAP with TLS, I suggest that the fix for this bug is ported to Ubuntu 20.04 LTS and potentially earlier versions. To manage notifications about this bug go to: https://bugs.launchpad.net/openldap/+bug/1921562/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1921562] Re: Intermittent hangs during ldap_search_ext when TLS enabled
** Description changed: When connecting to an LDAP server with TLS, ldap_search_ext can hang if during the initial TLS handshake a signal is received by the process. The cause of this bug is the same as https://bugs.openldap.org/show_bug.cgi?id=8650 which was fixed in https://git.openldap.org/openldap/openldap/-/commit/735e1ab and was released as part of version 2.4.50. This bug effects Ubuntu 20.04 LTS and potentially earlier Ubuntu releases. Later Ubuntu releases use an openldap version that is at least 2.4.50 and are therefore not affected. In our case this bug cause failures in the SSSD LDAP backend at least once per day, resulting in authentication errors followed by a sssd_be restart after a timeout has been hit: Mar 19 19:05:31 mail auth[867454]: pam_sss(dovecot:auth): received for user redacted: 4 (System error) Mar 19 19:05:32 mail sssd_be[867455]: Starting up A reduced version of the patch linked above can be found attached to this bug report. This patch has been applied to version 2.4.49+dfsg- 2ubuntu1.7 and has been running in production for approximately a week and the issue has no longer occurred. No other issues have appeared during this period. - As this bug affects al systems using LDAP with TLS , I suggest that the + As this bug affects all systems using LDAP with TLS, I suggest that the fix for this bug is ported to Ubuntu 20.04 LTS and potentially earlier versions. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1921562 Title: Intermittent hangs during ldap_search_ext when TLS enabled Status in openldap: Unknown Status in openldap package in Ubuntu: Confirmed Bug description: When connecting to an LDAP server with TLS, ldap_search_ext can hang if during the initial TLS handshake a signal is received by the process. The cause of this bug is the same as https://bugs.openldap.org/show_bug.cgi?id=8650 which was fixed in https://git.openldap.org/openldap/openldap/-/commit/735e1ab and was released as part of version 2.4.50. This bug effects Ubuntu 20.04 LTS and potentially earlier Ubuntu releases. Later Ubuntu releases use an openldap version that is at least 2.4.50 and are therefore not affected. In our case this bug cause failures in the SSSD LDAP backend at least once per day, resulting in authentication errors followed by a sssd_be restart after a timeout has been hit: Mar 19 19:05:31 mail auth[867454]: pam_sss(dovecot:auth): received for user redacted: 4 (System error) Mar 19 19:05:32 mail sssd_be[867455]: Starting up A reduced version of the patch linked above can be found attached to this bug report. This patch has been applied to version 2.4.49+dfsg- 2ubuntu1.7 and has been running in production for approximately a week and the issue has no longer occurred. No other issues have appeared during this period. As this bug affects all systems using LDAP with TLS, I suggest that the fix for this bug is ported to Ubuntu 20.04 LTS and potentially earlier versions. To manage notifications about this bug go to: https://bugs.launchpad.net/openldap/+bug/1921562/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1921562] [NEW] Intermittent hangs during ldap_search_ext when TLS enabled
Public bug reported: When connecting to an LDAP server with TLS, ldap_search_ext can hang if during the initial TLS handshake a signal is received by the process. The cause of this bug is the same as https://bugs.openldap.org/show_bug.cgi?id=8650 which was fixed in https://git.openldap.org/openldap/openldap/-/commit/735e1ab and was released as part of version 2.4.50. This bug effects Ubuntu 20.04 LTS and potentially earlier Ubuntu releases. Later Ubuntu releases use an openldap version that is at least 2.4.50 and are therefore not affected. In our case this bug cause failures in the SSSD LDAP backend at least once per day, resulting in authentication errors followed by a sssd_be restart after a timeout has been hit: Mar 19 19:05:31 mail auth[867454]: pam_sss(dovecot:auth): received for user redacted: 4 (System error) Mar 19 19:05:32 mail sssd_be[867455]: Starting up A reduced version of the patch linked above can be found attached to this bug report. This patch has been applied to version 2.4.49+dfsg- 2ubuntu1.7 and has been running in production for approximately a week and the issue has no longer occurred. No other issues have appeared during this period. As this bug affects all systems using LDAP with TLS, I suggest that the fix for this bug is ported to Ubuntu 20.04 LTS and potentially earlier versions. ** Affects: openldap Importance: Unknown Status: Unknown ** Affects: openldap (Ubuntu) Importance: Undecided Status: Confirmed ** Tags: focal ** Patch added: "retry-tls-connect-on-eintr-eagain.patch" https://bugs.launchpad.net/bugs/1921562/+attachment/5481337/+files/retry-tls-connect-on-eintr-eagain.patch -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1921562 Title: Intermittent hangs during ldap_search_ext when TLS enabled Status in openldap: Unknown Status in openldap package in Ubuntu: Confirmed Bug description: When connecting to an LDAP server with TLS, ldap_search_ext can hang if during the initial TLS handshake a signal is received by the process. The cause of this bug is the same as https://bugs.openldap.org/show_bug.cgi?id=8650 which was fixed in https://git.openldap.org/openldap/openldap/-/commit/735e1ab and was released as part of version 2.4.50. This bug effects Ubuntu 20.04 LTS and potentially earlier Ubuntu releases. Later Ubuntu releases use an openldap version that is at least 2.4.50 and are therefore not affected. In our case this bug cause failures in the SSSD LDAP backend at least once per day, resulting in authentication errors followed by a sssd_be restart after a timeout has been hit: Mar 19 19:05:31 mail auth[867454]: pam_sss(dovecot:auth): received for user redacted: 4 (System error) Mar 19 19:05:32 mail sssd_be[867455]: Starting up A reduced version of the patch linked above can be found attached to this bug report. This patch has been applied to version 2.4.49+dfsg- 2ubuntu1.7 and has been running in production for approximately a week and the issue has no longer occurred. No other issues have appeared during this period. As this bug affects all systems using LDAP with TLS, I suggest that the fix for this bug is ported to Ubuntu 20.04 LTS and potentially earlier versions. To manage notifications about this bug go to: https://bugs.launchpad.net/openldap/+bug/1921562/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
