Bug 555189
| Field | Value |
---|---|
| Summary | ldclt: -e randombinddnfromfile fails with LDAP_UNWILLING_TO_PERFORM (53) |
| Product | [Retired] 389 |
| Component | Command Line Utilities |
| Version | 1.3.0 |
| Hardware | All |
| OS | Linux |
| Status | CLOSED CURRENTRELEASE |
| Severity | medium |
| Priority | low |
| Reporter | Noriko Hosoi <nhosoi> |
| Assignee | Noriko Hosoi <nhosoi> |
| QA Contact | Viktor Ashirov <vashirov> |
| CC | amsharma, sramling |
| Doc Type | Bug Fix |
| Last Closed | 2015-12-07 16:55:50 UTC |
| Bug Blocks | 495079, 639035 |

Description
Noriko Hosoi
2010-01-13 23:46:33 UTC
Created attachment 383582
git patch for ldclt
Description
When "-e randombinddnfromfile=file" is given, the bind dn and password pair
is retrieved from the file and is supposed to be passed to ldap_sasl_bind_s.
Although the password was read from the file, it was not set in the
berval "cred" which was passed to ldap_sasl_bind_s. Therefore, the
bind operation tried to bind with the bind dn and a NULL password, which now
fails since it's considered an unauthenticated bind.
Also, a usage typo is being fixed.
---
ldap/servers/slapd/tools/ldclt/ldapfct.c | 53 +++++++++++++++++++----------
ldap/servers/slapd/tools/ldclt/ldclt.use | 2 +-
ldap/servers/slapd/tools/ldclt/ldcltU.c | 4 +-
3 files changed, 38 insertions(+), 21 deletions(-)

Thanks to Rich for reviewing the change. Pushed to master.

    $ git merge work
    Updating 008edfb..80fb1c7
    Fast forward
     ldap/servers/slapd/tools/ldclt/ldapfct.c | 53 +++++++++++++++++++----------
     ldap/servers/slapd/tools/ldclt/ldclt.use | 2 +-
     ldap/servers/slapd/tools/ldclt/ldcltU.c | 4 +-
     3 files changed, 38 insertions(+), 21 deletions(-)
    $ git push
    Counting objects: 19, done.
    Delta compression using 2 threads.
    Compressing objects: 100% (10/10), done.
    Writing objects: 100% (10/10), 1.61 KiB, done.
    Total 10 (delta 8), reused 0 (delta 0)
    To ssh://git.fedorahosted.org/git/389/ds.git
     008edfb..80fb1c7 master -> master

Steps to verify:
---------------
1. Add 100 entries using ldclt.

    ldclt -h $HOST -p $PORT -D "cn=directory manager" -w Secret123 -b "dc=example,dc=com" -e "object=Users.ldif,rdn=uid:testusr[A=INCRNNOLOOP(100;199;3)]" -e add,commoncounter -n 20 -N 100 -T 100

    cat Users.ldif

    objectClass: top
    objectclass: person
    objectClass: inetorgperson
    sn: new[A]
    cn: new[A]
    telephoneNumber: 98[A]
    mail: new[A]@redhat.com
    givenName: new[A]
    userPassword: Secret[A]

2. Create a random bind dn file as this

    uid=testusr100,dc=example,dc=com Secret100
    uid=testusr101,dc=example,dc=com Secret101
    uid=testusr102,dc=example,dc=com Secret102
    uid=testusr103,dc=example,dc=com Secret103
    uid=testusr104,dc=example,dc=com Secret104
    uid=testusr105,dc=example,dc=com Secret105
    uid=testusr106,dc=example,dc=com Secret106
    uid=testusr107,dc=example,dc=com Secret107

3. ldclt -h $HOST -p $PORT -b "dc=example,dc=com" -e bindeach,bindonly -e randombinddnfromfile=/export/data/bind.txt

(In reply to comment #3)
> Steps to verify:
> ---------------
> 1. Add 100 entries using ldclt.
> ldclt -h $HOST -p $PORT -D "cn=directory manager" -w Secret123 -b
> "dc=example,dc=com" -e
> "object=Users.ldif,rdn=uid:testusr[A=INCRNNOLOOP(100;199;3)]" -e
> add,commoncounter -n 20 -N 100 -T 100
>
> cat Users.ldif
>
> objectClass: top
> objectclass: person
> objectClass: inetorgperson
> sn: new[A]
> cn: new[A]
> telephoneNumber: 98[A]
> mail: new[A]@redhat.com
> givenName: new[A]
> userPassword: Secret[A]
>
> 2. Create a random bind dn file as this
>
> uid=testusr100,dc=example,dc=com Secret100
> uid=testusr101,dc=example,dc=com Secret101
> uid=testusr102,dc=example,dc=com Secret102
> uid=testusr103,dc=example,dc=com Secret103
> uid=testusr104,dc=example,dc=com Secret104
> uid=testusr105,dc=example,dc=com Secret105
> uid=testusr106,dc=example,dc=com Secret106
> uid=testusr107,dc=example,dc=com Secret107
>

This should have a tab between uid and password:
uid=testusr100,dc=example,dc=com<tab>Secret100

> 3. ldclt -h $HOST -p $PORT -b "dc=example,dc=com" -e bindeach,bindonly -e
> randombinddnfromfile=/export/data/bind.txt

    ldclt -h localhost -p 389 -b "dc=pnq,dc=redhat,dc=com" -e bindeach,bindonly -e randombinddnfromfile=/export/bind.txt -N 10
    ldclt version 4.23
    ldclt[11168]: Starting at Thu Jul 28 18:33:14 2011
    ldclt[11168]: Average rate: 2032.50/thr (2032.50/sec), total: 20325
    ldclt[11168]: Average rate: 924.50/thr ( 924.50/sec), total: 9245
    ldclt[11168]: Average rate: 209.60/thr ( 209.60/sec), total: 2096
    ldclt[11168]: Average rate: 200.40/thr ( 200.40/sec), total: 2004
    ldclt[11168]: Average rate: 193.40/thr ( 193.40/sec), total: 1934
    ldclt[11168]: Average rate: 185.70/thr ( 185.70/sec), total: 1857
    ldclt[11168]: Average rate: 178.40/thr ( 178.40/sec), total: 1784
    ldclt[11168]: Average rate: 174.10/thr ( 174.10/sec), total: 1741
    ldclt[11168]: Average rate: 170.60/thr ( 170.60/sec), total: 1706
    ldclt[11168]: Average rate: 712.90/thr ( 712.90/sec), total: 7129
    ldclt[11168]: Number of samples achieved. Bye-bye...
    ldclt[11168]: All threads are dead - exit.
    ldclt[11168]: Global average rate: 4982.10/thr (498.21/sec), total: 49821
    ldclt[11168]: Global number times "no activity" reports: never
    ldclt[11168]: Global no error occurs during this session.
    ldclt[11168]: Ending at Thu Jul 28 18:34:54 2011
    ldclt[11168]: Exit status 0 - No problem during execution.

Thanks Sankarr for steps, Hence marking VERIFIED.

    /usr/bin/ldclt -h 10.65.201.68 -p 1589 -b "dc=testldclt,dc=com" -e bindeach,bindonly -e randombinddnfromfile=/export/data/bind.txt
    ldclt version 4.23
    ldclt[14404]: Starting at Thu Jul 28 15:52:23 2011
    ldclt[14404]: Average rate: 2057.60/thr (2057.60/sec), total: 20576
    ldclt[14404]: T002: Cannot ldap_simple_bind_s (uid=newuser105,dc=testldclt,dc=com, Secret105), error=-1 (Can't contact LDAP server)
    ldclt[14404]: Illegal error number -1
    ldclt[14404]: T002: thread is dead.
    ldclt[14404]: T008: Cannot ldap_simple_bind_s (uid=newuser106,dc=testldclt,dc=com, Secret106), error=-1 (Can't contact LDAP server)
    ldclt[14404]: Illegal error number -1
    ldclt[14404]: T005: thread is dead.
    ldclt[14404]: T006: Cannot ldap_simple_bind_s (uid=newuser104,dc=testldclt,dc=com, Secret104), error=-1 (Can't contact LDAP server)
    ldclt[14404]: Illegal error number -1
    ldclt[14404]: T006: thread is dead.
    ldclt[14404]: Average rate: 763.60/thr ( 763.60/sec), total: 7636
    ldclt[14404]: Average rate: 0.00/thr ( 0.00/sec), total: 0
    ldclt[14404]: All threads are dead - exit.
    ldclt[14404]: Global average rate: 2821.20/thr (940.40/sec), total: 28212
    ldclt[14404]: Global number times "no activity" reports: never
    ldclt[14404]: Global number of dead threads: 10
    ldclt[14404]: Global illegal errors (codes not in [0, 97]) occurs 10 times
    ldclt[14404]: Ending at Thu Jul 28 15:52:53 2011
    ldclt[14404]: Exit status 4 - Cannot bind.

In fact, I have seen similar error messages in the SSL stress tests. I am not sure what's wrong here.

These messages are from the SSL stress tests.

    ldclt[22417]: Illegal error number -1
    ldclt[22428]: Illegal error number -1
    ldclt[22439]: Illegal error number -1

Unfortunately, the error is coming from the network connection failure. Ldclt is sending out too many connection/bind requests. Error -1 is considered "Can't contact LDAP server", but actually the server is up and most bind requests are processed properly. For instance,

    [28/Jul/2011:15:52:36 -0400] conn=28230 op=0 BIND dn="uid=newuser102,dc=testldclt,dc=com" method=128 version=3
    [28/Jul/2011:15:52:36 -0400] conn=28230 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=newuser102,dc=testldclt,dc=com"

There is no error logged in the access log.

    # egrep err= /var/log/dirsrv/slapd-testldclt/access | egrep -v err=0
    #

To use ldclt for stressing the server, please ignore '-1' as follows:

    ldclt -h localhost -p 10389 -b "..." -e bindeach,bindonly -e randombinddnfromfile=/path/to/bind.txt -I '-1'

Or you could run with '-W 1' to slow down ldclt to verify this bug.

As per comment #8, the problem goes away when using ldclt commands with the -W and -I '-1' options.

    ldclt -h 10.65.201.68 -p 1589 -b "dc=testldclt,dc=com" -e bindeach,bindonly -e randombinddnfromfile=/export/data/bind.txt -n 10 -N 10 -T 10 -I '-1' -W 2
    ldclt version 4.23
    ldclt[22145]: Starting at Fri Jul 29 16:51:16 2011
    ldclt[22145]: Average rate: 4.00/thr ( 4.00/sec), total: 40
    ldclt[22145]: Average rate: 5.00/thr ( 5.00/sec), total: 50
    ldclt[22145]: Average rate: 1.00/thr ( 1.00/sec), total: 10
    ldclt[22145]: Average rate: 0.00/thr ( 0.00/sec), total: 0
    ldclt[22145]: All threads are dead - exit.
    ldclt[22145]: Global average rate: 10.00/thr ( 2.50/sec), total: 100
    ldclt[22145]: Global number times "no activity" reports: never
    ldclt[22145]: Global number of dead threads: 10
    ldclt[22145]: Global no error occurs during this session.
    ldclt[22145]: Ending at Fri Jul 29 16:51:56 2011
    ldclt[22145]: Exit status 0 - No problem during execution.
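
The failure in the description and the tab-separated bind file from the verification steps, as an added example that is not ldclt's own code: a bind-file line is split at the tab, the password is copied into the credential, and a DN with an empty credential is classified as the unauthenticated bind the server refuses. `struct cred`, `parse_bind_line` and `classify_bind` are hypothetical names (`struct cred` stands in for libldap's `struct berval`), and the sample lines are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for libldap's struct berval (length + pointer),
 * so the example builds without the LDAP headers. */
struct cred { size_t len; const char *val; };

enum bind_kind { BIND_ANONYMOUS, BIND_UNAUTHENTICATED, BIND_SIMPLE, BIND_MALFORMED };

/* Classify a simple bind by which of DN and password are non-empty. A DN with
 * an empty password is the "unauthenticated bind" this bug report describes. */
enum bind_kind classify_bind(const char *dn, const struct cred *c)
{
    int has_dn = dn != NULL && dn[0] != '\0';
    int has_pw = c != NULL && c->val != NULL && c->len > 0;
    if (has_dn && has_pw) return BIND_SIMPLE;
    if (has_dn) return BIND_UNAUTHENTICATED;
    return has_pw ? BIND_MALFORMED : BIND_ANONYMOUS;
}

/* Split one "DN<tab>password" line in place. Returns 0 and fills *dn and *c,
 * or -1 when the tab, the DN or the password is missing. */
int parse_bind_line(char *line, const char **dn, struct cred *c)
{
    line[strcspn(line, "\r\n")] = '\0';
    char *tab = strchr(line, '\t');
    if (tab == NULL || tab == line || tab[1] == '\0')
        return -1;
    *tab = '\0';
    *dn = line;
    c->val = tab + 1;            /* the password must reach the credential, */
    c->len = strlen(c->val);     /* with its length; len 0 means no password */
    return 0;
}

int main(void)
{
    /* Constructed sample lines: tab-separated, space-separated, empty password. */
    char lines[3][64] = { "uid=testusr100,dc=example,dc=com\tSecret100\n",
                          "uid=testusr101,dc=example,dc=com Secret101\n",
                          "uid=testusr102,dc=example,dc=com\t\n" };
    for (int i = 0; i < 3; i++) {
        const char *dn = NULL;
        struct cred c = { 0, NULL };
        int ok = parse_bind_line(lines[i], &dn, &c) == 0 && classify_bind(dn, &c) == BIND_SIMPLE;
        printf("line %d: %s\n", i + 1, ok ? "accepted" : "rejected (no usable password)");
    }
    return 0;
}
```

Checking each line before the bind keeps a malformed file from turning into a stream of password-less binds against the server under test.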