[nssldap] More return code issues with nss_ldap
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
[nssldap] More return code issues with nss_ldap
- From: "Howard Wilkinson" <howard [at] cohtech.com>
- To: <nssldap [at] padl.com>
- Subject: [nssldap] More return code issues with nss_ldap
- Date: Thu, 26 Nov 2009 15:51:49 -0000
I think I have found another issue with nss_ldap, this exists in 265 and
probably in previous versions.
I still need to confirm the exact nature of the problem and pin it down to the
nss_ldap code, but what I think I have found is a bug in the group lookup. When
enumerating a group entry nss_ldap returns NSS_TRYAGAIN if the size of the
members data exceeds the buffer length passed into the code. I suspect that it
is not setting the ERANGE errno when this happens, or possibly the TRYAGAIN is
getting converted into another response. This is causing the enumeration of a
group map to terminate early.
Does anybody have any evidence that this is not the case (e.g. groups with
sufficient member data to blow the 1024 byte buffer and still being enumerated
by the code.
If I have this right what I intend to do to fix this, is to get the code to
return the correct pairs of response, but also provide a configuration variable
allowing the member set to be truncated to fit into a fixed length buffer (e.g.
a 1024 byte buffer) so that other groups can be returned successfully.
Any comments?
Regards, Howard.
Coherent Technology Limited, 23 Northampton Square, Finsbury, London EC1V 0HL,
United Kingdom
Telephone: +44 20 7690 7075 Mobile: +44 7980 639379
Company Email: coherent@cohtech.com Website: http://www.cohtech.com
<http://www.cohtech.com/>
- [nssldap] More return code issues with nss_ldap,
Howard Wilkinson
