sssd.git - Unnamed repository; edit this file to name it for gitweb.

diff options

author	Lukas Slebodnik <lslebodn@redhat.com>	2016-10-26 17:40:08 +0200
committer	Lukas Slebodnik <lslebodn@redhat.com>	2017-01-25 12:41:08 +0100
commit	31459a01486cfb2c04759bc998ff0c3ed19df81e (patch)
tree	a4228eb65f93f097173e0b93f8206fdd6c54c85f /src/python
parent	e6a5f8c58539fc31fd81fac89cfc85703b4250ea (diff)

UTIL: Unset O_NONBLOCK for ldap connection

Before the commit 75e66c388862a4ba05afe0791c5503226395bad0, the flag O_NONBLOCK was set only for the connect syscall in request sssd_async_connect_send -> sssd_async_connect_send. Such change was done for secrets provider. However, if ldap is compiled with gnutls it caused problems with start_tls and ldaps. There is not a problem with libldap 2.5 + gnutls because libldap is compiled with LDAP_USE_NON_BLOCKING_TLS OpenLDAP Server log: 5810cf2f connection_get(23): got connid=1042 5810cf2f connection_read(23): checking for input on id=1042 TLS: error: accept - force handshake failure: errno 11 - moznss error -12234 TLS: can't accept: TLS error -12234:SSL received an unexpected Application Data record.. 5810cf2f connection_read(23): TLS accept failure error=-1 id=1042, closing 5810cf2f connection_close: conn=1042 sd=23 sssd domain log: [simple_bind_send] (0x0100): Executing simple bind as: uid=user1,dc=example,dc=com [simple_bind_send] (0x2000): ldap simple bind sent, msgid = 2 [sdap_op_add] (0x2000): New operation 2 timeout 6 [sdap_process_result] (0x2000): Trace: sh[0x151c240], connected[1], ops[0x1515700], ldap[0x1511bd0] [sdap_process_result] (0x2000): Trace: end of ldap_result list [sdap_process_result] (0x2000): Trace: sh[0x151c240], connected[1], ops[0x1515700], ldap[0x1511bd0] [sdap_process_result] (0x0040): ldap_result error: [Can't contact LDAP server] [sdap_handle_release] (0x2000): Trace: sh[0x151c240], connected[1], ops[0x1515700], ldap[0x1511bd0], destructor_lock[0], release_memory[0] [remove_connection_callback] (0x4000): Successfully removed connection callback. [sdap_op_destructor] (0x1000): Abandoning operation 2 [dp_req_done] (0x0400): DP Request [PAM Authenticate #3]: Request handler finished [0]: Success [_dp_req_recv] (0x0400): DP Request [PAM Authenticate #3]: Receiving request data. [dp_req_destructor] (0x0400): DP Request [PAM Authenticate #3]: Request removed. [dp_req_destructor] (0x0400): Number of active DP request: 0 [dp_method_enabled] (0x0400): Target selinux is not configured [dp_pam_reply] (0x1000): DP Request [PAM Authenticate #3]: Sending result [4][LDAP] Resolves: https://fedorahosted.org/sssd/ticket/3189 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

Diffstat (limited to 'src/python')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: