RC3 1.5 LDAP ldap_simple_bind: Can't contact LDAP server

[mistwang]

The "R" packet is originated by the client, but I thought it is from the server side. :-)

So, it is definitely a problem of the client.
The differences between the LDAP APIs called by "ldapsearch" and "lsws" are: "ldapsearch" use synchronized API, lsws use asynchonized API in order not to let LDAP activities block the whole server process.

After digging into OpenLDAP's source code, we found that some of their asynchronized API is not really asynchronized, like "ldap_simple_bind" stays synchronized. there is no real difference between "ldap_simple_bind_s" and "ldap_simple_bind".

We switch to synchronized API when we need to connect to LDAP server in 1.5RC4 release. Fortunately, we only need to do it once per LDAP server, and the established connection can be reused for multiple LDAP queries.

So, in production, it is better to have LDAP server resided on the same server running lsws or at least to have two servers connected by high speed swithed LAN.

Please try just released 1.5RC4, hope it works. :-)

[bogus]

I've upgraded to RC4 and... :cry:

Exactly the same scenario (client resets connection):


12:19:52.356385 81.56.193.144.49672 > 80.170.141.234.ldap: S 1726673214:1726673214(0) win 5808 <mss 1452,sackOK,timestamp 129583925 0,nop,wscale 0> (DF)
0x0000 4500 003c ba0b 4000 4006 8f53 5138 c190 E..<..@.@..SQ8..
0x0010 50aa 8dea c208 0185 66ea f13e 0000 0000 P.......f..>....
0x0020 a002 16b0 d15c 0000 0204 05ac 0402 080a .....\..........
0x0030 07b9 4b35 0000 0000 0103 0300 ..K5........
12:19:52.499361 80.170.141.234.ldap > 81.56.193.144.49672: S 1957328433:1957328433(0) ack 1726673215 win 5632 <mss 1412,sackOK,timestamp 318381160 129583925,nop,wscale 0> (DF)
0x0000 4500 003c 0000 4000 3c06 4d5f 50aa 8dea E..<..@.<.M_P...
0x0010 5138 c190 0185 c208 74aa 7631 66ea f13f Q8......t.v1f..?
0x0020 a012 1600 b7e5 0000 0204 0584 0402 080a ................
0x0030 12fa 1c68 07b9 4b35 0103 0300 ...h..K5....
12:19:52.499419 81.56.193.144.49672 > 80.170.141.234.ldap: R 1726673215:1726673215(0) win 0 (DF)
0x0000 4500 0028 0000 4000 4006 4973 5138 c190 E..(..@.@.IsQ8..
0x0010 50aa 8dea c208 0185 66ea f13f 0000 0000 P.......f..?....
0x0020 5004 0000 a2cb 0000 P.......


The link is slow (128kbits) between client and server, but other clients don't complain. And it is still fast enough.

In LSWS the error :
ldap_simple_bind_s: Can't contact LDAP server

now appears 4 times on each attempt.

I'm sorry. But is there anybody else out there who tried the LDAP feature over the internet ?

[mistwang]

Holy crab! :evil:

I think it has something to do with the slow connection.

We find a way to enable LDAP debug logging. Please download RC4 package again. You can find the log output in lsws/logs/stderr.log, pleae post it here.

Also, please do "ldapsearch -d 255 ..." and post the debug output as well.

Right now, you are the only one testing this feature. Hopefully, Paul, our another beta user, will get his hand on this soon. :-)

Thank you very much for your help!