You're right Igor, I did create a memory leak, when I uncomment that line though, saslauthd breaks, so I wasn't exactly sure what to do. I agree, persistance would be nice to limit the load on the LDAP servers, from what I've seen, what is happening is that authentications will work fine using the persistance cache for a while, then after a few minutes, it will stop working. I tracked it down and I printed the reply from the LDAP server, and it is in fact "NO", a signal that access has been denied (I tested this by making AUTHFAIL messages in saslauthd print the reply fully). >From that point on, it's downhill from there, and saslauthd gets "NO" in it's char *reply every time. I can give you more specifics if you need it.
cheers, mohan On Thu, 26 Sep 2002, Igor Brezac wrote: > > Mohan/Lee, > > Thanks for the patch. Unfortunately, this still does not fix the problem > completely. I think that you may have created a memory leak, so you might > want to monitor the saslauthd process. I really want to keep the > persistance in place, otherwise busy sites may create an unneccessary load > on the ldap server. > > In the meaning time I'll try to locate an RH box and I'll try to duplicate > the problem. Few questions, have you used ldap_cache_* params in > saslautd.conf? After you installed different versions of openldap, have > you recompiled saslauthd each time? > > Note, this code works fine on Solaris 8 and 9. At least this is the > case in my environments. > > -Igor > > On Thu, 26 Sep 2002, Lee Hoffman wrote: > > > Guys, > > This patch solved the problem I described below. I installed the patch 3 > > days ago, and havent had the problem since. > > > > To reiterate for the loyal cyrus bug hunters: > > > > My system is using cyrus 2.1.5, sasl 2.1.7 on a RH7.3 box (ive tried > > this config against 4 different versions of openldap, on two completely > > different servers) and I compiled with: > > > > SASL: > > ./configure --enable-plain --disable-krb4 > > --with-saslauthd=/var/run/saslauthd --with-ldap=/usr/local/lib > > > > IMAP: > > ./configure --with-sasl=/usr/local/lib --with-perl --with-auth=unix > > --with-ssl --with-dbdir=/usr/local/BerkeleyDB.4.0 --with-ucdsnmp=no > > > > > > Sincerely, > > Lee > > > > > > -----Original Message----- > > From: Mohan Khurana [mailto:[EMAIL PROTECTED]] > > Sent: Thursday, September 26, 2002 7:56 PM > > To: Lee Hoffman > > Cc: [EMAIL PROTECTED]; Igor Brezac > > Subject: Re: Serious Bug in Cyrus/SASL: Intermittent Ldap AUTHFAIL > > > > Lee, > > > > Below, I've included a patch, it basically removes persistance from > > saslauthd. This has fixed the problem for me. I'm not exactly familiar > > with all the code, so I was unable to free the lak config structure, but > > this does let you atleast get saslauthd working. I think there's a > > problem with persistance, I'm not exactly sure what it is though. Any > > thoughts? > > > > mohan > > > > *** ../../orig/cyrus-sasl-2.1.7/saslauthd/lak.c Thu Aug 1 15:58:24 2002 > > --- lak.c Thu Sep 26 19:42:11 2002 > > *************** > > *** 816,821 **** > > --- 816,832 ---- > > rc = lak_auth_custom(lak, user, realm, password); > > } > > > > + /* free the lak */ > > + if (lak->ld) { > > + if (lak->conf->cache_ttl) > > + ldap_destroy_cache(lak->ld); > > + ldap_unbind_s(lak->ld); > > + lak->ld = NULL; > > + } > > + //lak_free_config(&(lak->conf)); > > + free(lak); > > + persistent_lak = NULL; > > + > > return rc; > > } > > > > *************** > > *** 846,851 **** > > --- 857,874 ---- > > attrs[1] = NULL; > > > > rc = lak_retrieve(lak, user, realm, (const char **)attrs, > > &lres); > > + > > + /* free the lak */ > > + if (lak->ld) { > > + if (lak->conf->cache_ttl) > > + ldap_destroy_cache(lak->ld); > > + ldap_unbind_s(lak->ld); > > + lak->ld = NULL; > > + } > > + lak_free_config(&lak->conf); > > + free(lak); > > + persistent_lak = NULL; > > + > > if (rc != LAK_OK) { > > return rc; > > } > > > > > > > > > > > > -- > Igor > > > > >
