Re: Error message: ERR_00004 The PDU buffer size is too small !
On 9/23/10 11:50 AM, Wasscher, Ewald wrote: Good day, We're currently testing Apache Directory Server (ADS) in a custom environment for a customer of ours. In this environment ADS is used to store certificates and certificate revocation lists. At first everything seemed to be working fine, but we encounter an error that seems to randomly occur every now. When adding an object, viewing an object in Directory Studio or adding attributes (the certificate) to an existing object this fails with the following message in apacheds-rolling.log: ERR_4 The PDU buffer size is too small !. After encountering this error I twice raised the max PDU buffer size in server.xml to: maxPDUSize=4000 And restarted the server. Unfortunately the error still occurs every now and then. I'd appreciate if someone could explain why this occurs and, if possible, how this can be fixed. I added a log fragment, which is, for the sake of readability, an attachment. The company name as it occurs in the log file has been modified. This is a serious issue. This error just indicate that the encoding is not correctly process a request or a response (ie, we compute the encoded PDU for a LDAP message, allocate the appropriate ByteBuffer, then feed it with the real data). If you get this error, that means we try to store a bigger value than the buffer we allocated... At this point, I would suggest you first create a JIRA for this, and provide a bit more informations : - ADS version you are using - attach an LDIF for the entry that fails (if it's always the same entry, of course) If it's not enough, we can provide a patch to dump the message when you get this error, so that we can analyze exactly what's going on. Sorry for the burden ! -- Regards, Cordialement, Emmanuel Lécharny www.iktek.com
Re: Error message: ERR_00004 The PDU buffer size is too small !
On 9/23/10 3:32 PM, Wasscher, Ewald wrote: Good day Emmanuel, Thank you for the reply, I just created this entry: https://issues.apache.org/jira/browse/DIRSERVER-1556 Thanks for that ! And the burden is no problem. Personally I hate it when users complain it doesn't work without giving information, so I understand your question completely. It's still a problem, because if the server is unable to generate a correct PDU for a simple request, then your clients are unlikely to be the one having issues with the server... What could really help here is a LDIF for the entry that cause the problem (Of course, if there are some confidentiality issues, something I can understand, please contact me directly to see what we can do). Many thanks ! -- Regards, Cordialement, Emmanuel Lécharny www.iktek.com
Set up ApacheDS Kerberos Service
Hello, i'm trying to set up ApachDS Server with Kerberos and Kpasswd service. I reproduced the documented EXAMPLE.COM realm and everything worked fine. But when I change the realm to another, kinit works fine. But when I try to use kpasswd, I get the error: The ticket isn't for us I'm using ApacheDS 1.5.7 [23:30:27] DEBUG [org.apache.directory.server.changepw.protocol.ChangePasswordProtocolHandler] - /10.200.100.138:49348 CREATED: datagram[23:30:27] DEBUG [org.apache.directory.server.changepw.protocol.ChangePasswordProtocolHandler] - /10.200.100.138:49348 OPENED[23:30:27] DEBUG [org.apache.directory.server.changepw.protocol.ChangePasswordProtocolHandler] - /10.200.100.138:49348 RCVD: org.apache.directory.server.changepw.messages.changepasswordrequ...@987197[23:30:27] DEBUG [org.apache.directory.server.changepw.service.ChangePasswordService] - Responding to change password request: versionNumber 1[23:30:27] WARN [org.apache.directory.server.changepw.protocol.ChangePasswordProtocolHandler] - The ticket isn't for usorg.apache.directory.server.kerberos.shared.exceptions.KerberosException: The ticket isn't for us at org.apache.directory.server.changepw.service.ChangePasswordService.verifyServiceTicket(ChangePasswordService.java:192) at org.apache.directory.server.changepw.service.ChangePasswordService.execute(ChangePasswordService.java:85) at org.apache.directory.server.changepw.protocol.ChangePasswordProtocolHandler.messageReceived(ChangePasswordProtocolHandler.java:139) at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:713) at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434) at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46) at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793) at org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:375) at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:229) at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434) at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46) at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793) at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:119) at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434) at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:426) at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.readHandle(AbstractPollingConnectionlessIoAcceptor.java:436) at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.processReadySessions(AbstractPollingConnectionlessIoAcceptor.java:407) at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.access$600(AbstractPollingConnectionlessIoAcceptor.java:56) at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor$Acceptor.run(AbstractPollingConnectionlessIoAcceptor.java:360) at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source) at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at java.lang.Thread.run(Unknown Source)[23:30:27] DEBUG [org.apache.directory.server.changepw.protocol.ChangePasswordProtocolHandler] - /10.200.100.138:49348 SENT: org.apache.directory.server.changepw.messages.changepassworder...@497904[23:31:21] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /10.200.100.138:49344 CLOSED[23:31:27] DEBUG [org.apache.directory.server.changepw.protocol.ChangePasswordProtocolHandler] - /10.200.100.138:49348 CLOSED[23:31:27] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /10.200.100.138:49347 CLOSED Has anybody an idea what's going wrong there? Best regards, Tom