Bug 1658423
Summary: | openldap and concurrency error connecting to ldaps server | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | ryan.brothers |
Component: | openldap | Assignee: | Matus Honek <mhonek> |
Status: | CLOSED WONTFIX | QA Contact: | BaseOS QE Security Team <qe-baseos-security> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 7.6 | CC: | pkis |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Last Closed: | 2019-06-06 15:24:09 UTC | Type: | Bug |
Description
ryan.brothers
2018-12-12 02:50:05 UTC
Hello, thanks for the report. The concurrency handling in this case is only on the level of the process itself. When multiple processes try to do the extraction using the same configuration, a collision may occur (which is indeed a bug). We'll look into ways to fix this bug efficiently. In the meantime, two workarounds come to mind:

- Do not use NSS database configuration, use PEM files (OpenSSL style of configuration) for the TLS_* options.
- Before the troublesome calls, do a single dummy (e.g. ldapwhoami) call with the very same configuration. This will create the /tmp/openldap-tlsmc-* directory structure and all the subsequent calls will only read files from there.

Regards.

Hello, given the support level in this phase of RHEL 7, and given there is a workaround by using PEM files instead of NSS DB, I'm closing this bug as WONTFIX. Should there be sufficient justification for a need to develop a fix, please provide the justification, preferably contacting our customer support. Thank you for your understanding.
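The second workaround as a shell helper, added here as an example and not taken from the bug report or from openldap: it checks whether an ldap.conf-style file points TLS_CACERTDIR at an NSS database and, if so, runs one ldapwhoami before the concurrent calls are started. The function names, the cert8.db/cert9.db file check and the URI argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: helper functions for the "single dummy call first" workaround.

# Print the TLS_CACERTDIR value found in an ldap.conf-style file.
# If the option is repeated, the last line is the one reported.
tls_cacertdir() {
    awk 'toupper($1) == "TLS_CACERTDIR" { v = $2 }
         END { if (v != "") print v }' "$1"
}

# Return 0 if TLS_CACERTDIR in the given file names a directory that holds
# an NSS certificate database (cert8.db or cert9.db), 1 otherwise.
# A PEM-only configuration (TLS_CACERT, or a directory of PEM files)
# returns 1 and needs no warm-up.
uses_nss_db() {
    dir=$(tls_cacertdir "$1")
    [ -n "$dir" ] || return 1
    dir=${dir#sql:}; dir=${dir#dbm:}    # strip NSS database type prefixes
    for f in cert8.db cert9.db; do
        [ -f "$dir/$f" ] && return 0
    done
    return 1
}

# Run one ldapwhoami with the same configuration before any parallel work.
#   $1 = path to the ldap.conf-style file the later calls will use
#   $2 = LDAP URI (placeholder value supplied by the caller)
# Call this once, let it finish, then start the concurrent LDAP clients.
warm_up() {
    if uses_nss_db "$1"; then
        LDAPCONF="$1" ldapwhoami -x -H "$2" >/dev/null
    fi
}
```
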