On Apr 3, 2008, at 3:31 PM, Quanah Gibson-Mount wrote:
In the example I included, the server timeout error was sent to stderr if the server was down (e.g. connect() gets an RST) but not in the case of atimeout (the LDIF comment is all you get).In this case, do you mean a timeout at the *protocol* level, where the search hits a timelimit set on the server side?
Yes - if the timeout is at the network level it will simply hang until killed unless you have tcp keepalives enabled.
Here's the offending code:
if( !ldif ) {
printf( "result: %d %s\n", err, ldap_err2string(err) );
} else if ( err != LDAP_SUCCESS ) {
fprintf( stderr, "%s (%d)\n", ldap_err2string(err), err );
}
Basically, I'd like to change ldapsearch.c so errors are always
reported to stderr rather than only when -L is also specified. It
looks like most of the other error cases do this, although I did
notice that some of the LDAP_SYNC stuff sends errors to stdout, too.
if ( err != LDAP_SUCCESS ) {
fprintf( stderr, "Search failed: %s (%d)\n", ldap_err2string(err),
err );
}
if( !ldif ) {
printf( "result: %d %s\n", err, ldap_err2string(err) );
}
I've attached a patch which also changes the two other places where
printf was used to report abnormal conditions to use frpintf(stderr
instead of printf.
ldapsearch-stderr.diff
Description: Binary data
Do you use nscd?
Yes but I've reproduced the problems with and without it. Basically either way it works reasonably well (fails in at a low multiple of the specified timelimit) if you have a clean failure but hangs indefinitely if you have something like a LDAP server which accepts connections but doesn't respond which is the failure mode we've observed in all three of our major slapd outages (#303057, #378261).
Thanks, Chris
smime.p7s
Description: S/MIME cryptographic signature
