Description of problem: After successfully configuring Server to Server Connection via SASL/DIGEST-MD5 (SSL or TLS) the first server fails to stop. With the following error: Server still running!! Failed to stop the ns-slapd process: 18341. Please check the errors log for problems. Errors log: [08/Jan/2009:13:19:44 -0500] - slapd shutting down - signaling operation threads [08/Jan/2009:13:19:44 -0500] - slapd shutting down - waiting for 29 threads to terminate [08/Jan/2009:13:19:44 -0500] - slapd shutting down - closing down internal subsystems and plugins [08/Jan/2009:13:22:12 -0500] - repl5_tot_waitfor_async_results timed out waiting for responses: 0 164 [08/Jan/2009:13:22:13 -0500] - repl5_tot_waitfor_async_results timed out waiting for responses: 0 176 Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1. Install two servers 2. Configure replication to bind with SASL/GSSAPI over TLS or SSL 3. View errors log 4. Try to stop server 1. Actual results: See above - server 1 subsequently becomes unreachable but service appears to be still running Expected results: Server one to stop and restart. Additional info: Configuration Tested: Server 1 and Server 2 MMR Server 3 Read Only Consumer of Server 1 * Create Instances * SSL secure the instances * Add required SASL maps * Change password scheme to CLEAR * Add replication manager under cn=config * Add changelogs * Enable replication * Add replication agreemens * Initialize consumers Server 2 and Server 3 (consumer) stop and start successfully
Created attachment 328916 [details] diffs
Created attachment 328926 [details] cvs commit log Reviewed by: nhosoi (Thanks!) Fix Description: Using ldap_set_option with LDAP_OPT_X_SASL_SECPROPS is not thread safe. ldap_set_option acquires the OPTION lock, but using LDAP_OPT_X_SASL_SECPROPS just calls return rather than calling break to exit the switch and unlock the lock. A mozilla bug has been filed https://bugzilla.mozilla.org/show_bug.cgi?id=473438. The fix is to use LDAP_OPT_X_SASL_SSF_MAX. Platforms tested: RHEL5 Flag Day: no Doc impact: no
Can no longer add an agreement configured with GSSAPI over TLS. fix verified - RHEL 5 DS 8.1.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHEA-2009-0455.html