** Description changed: - On precise, the slapd daemon return "error code 2 - controls require - LDAPv3" to client search. I don't see any reason why this would occure, - because if you run the same command few seconds later, it (may) work. + [IMPACT] - For example, using nss_ldap, when running in a loop "id pierref", you - may sometime have fewer group that you would normally have. And few - seconds later, everything go back to normal. + * Any client connecting in LDAPv3 and using v3 specific feature may fail + * This include libnss-ldap (so id user may not return all group). Thus you may login without all your groups and need to logout/login on more time. + * This issue is known and fixed on upsteam, ITS#7107 (commit 85c1c545f4e20882a2f748fcef5f732ea2d2ecf6). - We also have this issue with some other tools, like Confluence - (Atlassian's wiki) and also a internal tools developped in Python. + [TESTCASE] - On client side (confluence), we have - "javax.naming.CommunicationException: [LDAP: error code 2 - controls - require LDAPv3];" + To reproduce this issue, you will need to do enougth search some with + version 2, other with version 3 and some control. - On server side, we found the same "controls require LDAPv3" returned - with get_ctrl function. I attached log extract of slapd server at - loglevel any. On log I keep one successfull search done by confluence - and one failed search. + Example: - Note: on server log - if I understand log correctly - the client bind - with version 3 of protocol... while error complain about not behind - version 3... - - Version: - - * server : Ubuntu precise 3.2.0-26-generic x86_64, slapd 2.4.28-1.1ubuntu4 - * client 1 : Ubuntu lucid 2.6.32-41-server x86_64, libnss-ldap 264-2ubuntu2, ldap-utils 2.4.21-0ubuntu5.7 - * client 2 : Ubuntu precise 3.2.0-26-virtual x86_64, libnss-ldap 264-2.2ubuntu2, ldap-utils 2.4.28-1.1ubuntu4 - - Their is two LDAP server (replication), I attached configuration of - both. - - I also attached a "test_nss.sh" which show this bug on client side. + * In terminal A, run: while true; do ldapsearch -h 127.0.0.1 -b o=company uid=dontcare -P 2 > /dev/null;sleep 0.1;done + * Let the loop run for some time (it increase change of failure for next step). + * In terminal B, run ldapsearch -h 127.0.0.1 -b o=company uid=dontcare -M. You should not have to run more than 20 times before an error occure.
-- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1023025 Title: search fail with get_ctrls : controls require LDAPv3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1023025/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs