Description of problem:
After successfully configuring Server to Server Connection via SASL/DIGEST-MD5 (SSL or TLS) the first server fails to stop. With the following error:
Server still running!! Failed to stop the ns-slapd process: 18341. Please check the errors log for problems.
[08/Jan/2009:13:19:44 -0500] - slapd shutting down - signaling operation threads
[08/Jan/2009:13:19:44 -0500] - slapd shutting down - waiting for 29 threads to terminate
[08/Jan/2009:13:19:44 -0500] - slapd shutting down - closing down internal subsystems and plugins
[08/Jan/2009:13:22:12 -0500] - repl5_tot_waitfor_async_results timed out waiting for responses: 0 164
[08/Jan/2009:13:22:13 -0500] - repl5_tot_waitfor_async_results timed out waiting for responses: 0 176
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Install two servers
2. Configure replication to bind with SASL/GSSAPI over TLS or SSL
3. View errors log
4. Try to stop server 1.
See above - server 1 subsequently becomes unreachable but service appears to be still running
Server one to stop and restart.
Server 1 and Server 2 MMR Server 3 Read Only Consumer of Server 1
* Create Instances
* SSL secure the instances
* Add required SASL maps
* Change password scheme to CLEAR
* Add replication manager under cn=config
* Add changelogs
* Enable replication
* Add replication agreemens
* Initialize consumers
Server 2 and Server 3 (consumer) stop and start successfully
Created attachment 328916 [details]
Created attachment 328926 [details]
cvs commit log
Reviewed by: nhosoi (Thanks!)
Fix Description: Using ldap_set_option with LDAP_OPT_X_SASL_SECPROPS is not thread safe. ldap_set_option acquires the OPTION lock, but using LDAP_OPT_X_SASL_SECPROPS just calls return rather than calling break to exit the switch and unlock the lock. A mozilla bug has been filed https://bugzilla.mozilla.org/show_bug.cgi?id=473438. The fix is to use LDAP_OPT_X_SASL_SSF_MAX.
Platforms tested: RHEL5
Flag Day: no
Doc impact: no
Can no longer add an agreement configured with GSSAPI over TLS. fix verified - RHEL 5 DS 8.1.
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.