Yes, to my knowledge. This may be related just to Lee's environment, I am still researching the issue.
-Igor On Fri, 27 Sep 2002, C. Wegrzyn wrote: > Is this a RedHat 7.3 problem only? > > Chuck Wegrzyn > > ----- Original Message ----- > From: "Mohan Khurana" <[EMAIL PROTECTED]> > To: "Igor Brezac" <[EMAIL PROTECTED]> > Cc: "Lee Hoffman" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> > Sent: Friday, September 27, 2002 9:22 PM > Subject: Re: BUG ALERT! - RE: Serious Bug in Cyrus/SASL: Intermittent Ldap > AUTHFAIL > > > > You're right Igor, I did create a memory leak, when I uncomment that line > > though, saslauthd breaks, so I wasn't exactly sure what to do. I agree, > > persistance would be nice to limit the load on the LDAP servers, from what > > I've seen, what is happening is that authentications will work fine using > > the persistance cache for a while, then after a few minutes, it will stop > > working. I tracked it down and I printed the reply from the LDAP server, > > and it is in fact "NO", a signal that access has been denied (I tested > > this by making AUTHFAIL messages in saslauthd print the reply fully). > > From that point on, it's downhill from there, and saslauthd gets "NO" in > > it's char *reply every time. I can give you more specifics if you need > it. > > > > cheers, > > mohan > > > > On Thu, 26 Sep 2002, Igor Brezac wrote: > > > > > > > > Mohan/Lee, > > > > > > Thanks for the patch. Unfortunately, this still does not fix the > problem > > > completely. I think that you may have created a memory leak, so you > might > > > want to monitor the saslauthd process. I really want to keep the > > > persistance in place, otherwise busy sites may create an unneccessary > load > > > on the ldap server. > > > > > > In the meaning time I'll try to locate an RH box and I'll try to > duplicate > > > the problem. Few questions, have you used ldap_cache_* params in > > > saslautd.conf? After you installed different versions of openldap, have > > > you recompiled saslauthd each time? > > > > > > Note, this code works fine on Solaris 8 and 9. At least this is the > > > case in my environments. > > > > > > -Igor > > > > > > On Thu, 26 Sep 2002, Lee Hoffman wrote: > > > > > > > Guys, > > > > This patch solved the problem I described below. I installed the patch > 3 > > > > days ago, and havent had the problem since. > > > > > > > > To reiterate for the loyal cyrus bug hunters: > > > > > > > > My system is using cyrus 2.1.5, sasl 2.1.7 on a RH7.3 box (ive tried > > > > this config against 4 different versions of openldap, on two > completely > > > > different servers) and I compiled with: > > > > > > > > SASL: > > > > ./configure --enable-plain --disable-krb4 > > > > --with-saslauthd=/var/run/saslauthd --with-ldap=/usr/local/lib > > > > > > > > IMAP: > > > > ./configure --with-sasl=/usr/local/lib --with-perl --with-auth=unix > > > > --with-ssl --with-dbdir=/usr/local/BerkeleyDB.4.0 --with-ucdsnmp=no > > > > > > > > > > > > Sincerely, > > > > Lee > > > > > > > > > > > > -----Original Message----- > > > > From: Mohan Khurana [mailto:[EMAIL PROTECTED]] > > > > Sent: Thursday, September 26, 2002 7:56 PM > > > > To: Lee Hoffman > > > > Cc: [EMAIL PROTECTED]; Igor Brezac > > > > Subject: Re: Serious Bug in Cyrus/SASL: Intermittent Ldap AUTHFAIL > > > > > > > > Lee, > > > > > > > > Below, I've included a patch, it basically removes persistance from > > > > saslauthd. This has fixed the problem for me. I'm not exactly > familiar > > > > with all the code, so I was unable to free the lak config structure, > but > > > > this does let you atleast get saslauthd working. I think there's a > > > > problem with persistance, I'm not exactly sure what it is though. Any > > > > thoughts? > > > > > > > > mohan > > > > > > > > *** ../../orig/cyrus-sasl-2.1.7/saslauthd/lak.c Thu Aug 1 15:58:24 > 2002 > > > > --- lak.c Thu Sep 26 19:42:11 2002 > > > > *************** > > > > *** 816,821 **** > > > > --- 816,832 ---- > > > > rc = lak_auth_custom(lak, user, realm, password); > > > > } > > > > > > > > + /* free the lak */ > > > > + if (lak->ld) { > > > > + if (lak->conf->cache_ttl) > > > > + ldap_destroy_cache(lak->ld); > > > > + ldap_unbind_s(lak->ld); > > > > + lak->ld = NULL; > > > > + } > > > > + //lak_free_config(&(lak->conf)); > > > > + free(lak); > > > > + persistent_lak = NULL; > > > > + > > > > return rc; > > > > } > > > > > > > > *************** > > > > *** 846,851 **** > > > > --- 857,874 ---- > > > > attrs[1] = NULL; > > > > > > > > rc = lak_retrieve(lak, user, realm, (const char **)attrs, > > > > &lres); > > > > + > > > > + /* free the lak */ > > > > + if (lak->ld) { > > > > + if (lak->conf->cache_ttl) > > > > + ldap_destroy_cache(lak->ld); > > > > + ldap_unbind_s(lak->ld); > > > > + lak->ld = NULL; > > > > + } > > > > + lak_free_config(&lak->conf); > > > > + free(lak); > > > > + persistent_lak = NULL; > > > > + > > > > if (rc != LAK_OK) { > > > > return rc; > > > > } > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > Igor > > > > > > > > > > > > > > > > > > > > > > -- Igor
