Net::LDAPS - problems with big entries
| Swen Vermeul 2007-05-30, 7:16 pm |
| Hi all,
when I try to add or update the "member"-attribute of a list
(groupOfNames)
containing "many" (i.e. more than 300) members (dn's), the connection
hangs and the list is not being modified:
my $result = $ldap->modify( $list->dn, replace=> {member=>
\@members} ); # hangs if there are "too many" members
- without encryption, the problem does *not* occur.
- I don't receive any error message. The connection just hangs until
timeout.
- when I try to update the same list with fewer members, everything
works fine.
- the SSL-connection itself works fine, I can do searches and updates
without any problem
- working with start_tls instead of Net::LDAPS does not solve the
problem
I use Perl v5.8.8 built for i686-linux-thread-multi and the latest
version of Net::LDAP (0.34) and the underlying modules
IO::Socket::SSL (1.06),
Net::SSLeay (1.30). I also tried it with Perl, v5.8.6 built for
darwin-thread-multi-2level
from an OSX machine but the problem remains.
Here is the end of the debug output of a working example (292 members):
----------------------------------------------------------------
[...]
65 74 68 7A 2C 63 3D 63 68 04 37 63 6E 3D 7A 73 ethz,c=ch.7cn=zs
74 65 70 68 61 6E 2C 6F 75 3D 75 73 65 72 73 2C tephan,ou=users,
6F 75 3D 6E 65 74 68 7A 2C 6F 75 3D 69 64 2C 6F ou=nethz,ou=id,o
75 3D 61 75 74 68 2C 6F 3D 65 74 68 7A 2C 63 3D u=auth,o=ethz,c=
63 68 04 35 63 6E 3D 7A 63 61 72 6C 6F 2C 6F 75 ch.5cn=zcarlo,ou
3D 75 73 65 72 73 2C 6F 75 3D 6E 65 74 68 7A 2C =users,ou=nethz,
6F 75 3D 69 64 2C 6F 75 3D 61 75 74 68 2C 6F 3D ou=id,ou=auth,o=
65 74 68 7A 2C 63 3D 63 68 __ __ __ __ __ __ __ ethz,c=ch
Net::LDAPS=HASH(0x9a1b590) received:
30 0C 02 01 05 67 07 0A 01 00 04 00 04 00 __ __ 0....g........
Net::LDAPS=HASH(0x9a1b590) sending:
30 05 02 01 06 42 00 __ __ __ __ __ __ __ __ __ 0....B.
----------------------------------------------------------------
Here is the same example with just 1 more member (293 members):
----------------------------------------------------------------
[...]
65 74 68 7A 2C 63 3D 63 68 04 37 63 6E 3D 7A 73 ethz,c=ch.7cn=zs
74 65 70 68 61 6E 2C 6F 75 3D 75 73 65 72 73 2C tephan,ou=users,
6F 75 3D 6E 65 74 68 7A 2C 6F 75 3D 69 64 2C 6F ou=nethz,ou=id,o
75 3D 61 75 74 68 2C 6F 3D 65 74 68 7A 2C 63 3D u=auth,o=ethz,c=
63 68 04 35 63 6E 3D 7A 63 61 72 6C 6F 2C 6F 75 ch.5cn=zcarlo,ou
3D 75 73 65 72 73 2C 6F 75 3D 6E 65 74 68 7A 2C =users,ou=nethz,
6F 75 3D 69 64 2C 6F 75 3D 61 75 74 68 2C 6F 3D ou=id,ou=auth,o=
65 74 68 7A 2C 63 3D 63 68 04 36 63 6E 3D 7A 61 ethz,c=ch.6cn=za
62 6B 61 72 64 2C 6F 75 3D 75 73 65 72 73 2C 6F bkard,ou=users,o
75 3D 6E 65 74 68 7A 2C 6F 75 3D 69 64 2C 6F 75 u=nethz,ou=id,ou
3D 61 75 74 68 2C 6F 3D 65 74 68 7A 2C 63 3D 63 =auth,o=ethz,c=c
68 __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ h
(connection hangs)
----------------------------------------------------------------
Somehow there seems to be a problem with the length of data being
transmitted.
We used the same code for years, without any problem, it stopped
working about
two months ago. Maybe an update of Perl, a module or OpenSSL is
causing the trouble?
Does anybody have any clue how to track this bug?
Cheers, Swen
| |
| Graham Barr 2007-06-01, 8:14 am |
| On May 30, 2007, at 11:38 AM, Swen Vermeul wrote:
>
> Somehow there seems to be a problem with the length of data being
> transmitted.
> We used the same code for years, without any problem, it stopped
> working about
> two months ago. Maybe an update of Perl, a module or OpenSSL is
> causing the trouble?
> Does anybody have any clue how to track this bug?
Can you tell the length of the packet being written that causes the
hang ?
You turn on debug with $ldap->debug(15);
Graham.
| |
| Jozef Kutej 2007-06-01, 8:14 am |
| Hi Graham.
I have the same problem as Swen. If I add attributes that have a data
payload of 15949 bytes it works. But for 15994 it hangs. It hangs for
any size above it. Debug didn't tell anything, it just dumped the packets
and hung waiting forever.
Jozef.
On Fri, 2007-06-01 at 07:09 -0500, Graham Barr wrote:
> On May 30, 2007, at 11:38 AM, Swen Vermeul wrote:
>
> Can you tell the length of the packet being written that causes the
> hang ?
>
> You turn on debug with $ldap->debug(15);
>
> Graham.
>
| |
| Harden, Clif 2007-06-01, 8:14 am |
| What directory server type are you accessing; AD, openldap, Sun
directory server, etc.
Clif

-----Original Message-----
From: Jozef Kutej [mailto:jozef.kutej@hp.com]
Sent: Friday, June 01, 2007 7:44 AM
To: Graham Barr
Cc: Swen Vermeul; perl-ldap@perl.org
Subject: Re: Net::LDAPS - problems with big entries
Hi Graham.
I have the same problem as Swen. If I add attributes that have a data
payload of 15949 bytes it works. But for 15994 it hangs. It hangs for
any size above it. Debug didn't tell anything, it just dumped the packets
and hung waiting forever.
Jozef.
On Fri, 2007-06-01 at 07:09 -0500, Graham Barr wrote:
> On May 30, 2007, at 11:38 AM, Swen Vermeul wrote:
>
> Can you tell the length of the packet being written that causes the
> hang ?
>
> You turn on debug with $ldap->debug(15);
>
> Graham.
>
| |
| Jozef Kutej 2007-06-01, 7:17 pm |
| Hello.
I think we use MS LDAP with Active Directory here in HP. But I don't
think it is a server-side issue. My colleague did the same program in php
and he is able to add any number of attributes at once with no problem.
Have a nice weekend.
Jozef.
On Fri, 2007-06-01 at 07:57 -0500, Harden, Clif wrote:
> What directory server type are you accessing; AD, openldap, Sun
> directory server, etc.
>
> Clif
>
> -----Original Message-----
> From: Jozef Kutej [mailto:jozef.kutej@hp.com]
> Sent: Friday, June 01, 2007 7:44 AM
> To: Graham Barr
> Cc: Swen Vermeul; perl-ldap@perl.org
> Subject: Re: Net::LDAPS - problems with big entries
>
> Hi Graham.
>
> I have the same problem as Swen. If I add attributes that have a data
> payload of 15949 bytes it works. But for 15994 it hangs. It hangs for
> any size above it. Debug didn't tell anything, it just dumped the packets
> and hung waiting forever.
>
> Jozef.
>
> On Fri, 2007-06-01 at 07:09 -0500, Graham Barr wrote:
| |
| Graham Barr 2007-06-01, 7:17 pm |
| I guess the first thing is to determine exactly where it is hanging.
I cannot reproduce the problem myself, so I cannot try these tests.
1) Does it hang in syswrite(), we can check this by adding warn
"HERE" after the syswrite on line 773 of LDAP.pm
If it is in syswrite() maybe IO::Socket::SSL does not like data sent
that size. We could try sending smaller chunks by changing the
syswrite() line to be (warning - untested)
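    # Send the PDU in pieces of at most 15000 bytes instead of one syswrite()
    my $to_send = \( $mesg->pdu );
    my $offset = 0;
    while ($offset < length($$to_send)) {
        # syswrite() returns the number of bytes actually written
        my $n = syswrite($socket, substr($$to_send, $offset, 15000), 15000)
            or return _error($ldap, $mesg, LDAP_LOCAL_ERROR, "$!");
        $offset += $n;
    }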
Can someone who sees the problem please try this.
Graham.
On Jun 1, 2007, at 7:43 AM, Jozef Kutej wrote:
> Hi Graham.
>
> I have the same problem as Swen. If I add attributes that have a data
> payload of 15949 bytes it works. But for 15994 it hangs. It hangs for
> any size above it. Debug didn't tell anything, it just dumped the
> packets
> and hung waiting forever.
>
> Jozef.
>
> On Fri, 2007-06-01 at 07:09 -0500, Graham Barr wrote:
>
| |
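The chunked write from the post above as a stand-alone routine, added here as an example that is not part of the thread or of Net::LDAP. It goes slightly beyond the posted snippet: it advances by the byte count syswrite() reports, retries on EINTR, and reports how far it got on error. The helper name write_all, the 40000-byte payload and the local socketpair standing in for the TLS connection are assumptions made for the demonstration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Errno qw(EINTR);
use Socket qw(AF_UNIX SOCK_STREAM PF_UNSPEC);

# Hypothetical helper (not part of Net::LDAP): write the whole buffer in
# pieces of at most $chunk bytes. Returns (bytes_written, undef) on success
# or (undef, message) on a hard error.
sub write_all {
    my ($fh, $buf_ref, $chunk) = @_;
    my ($offset, $total) = (0, length $$buf_ref);
    while ($offset < $total) {
        my $want = $total - $offset;
        $want = $chunk if $want > $chunk;
        # 4-argument syswrite: writes from $offset, no substr() copy needed
        my $n = syswrite($fh, $$buf_ref, $want, $offset);
        if (!defined $n) {
            next if $! == EINTR;        # interrupted: retry the same offset
            return (undef, "$! after $offset of $total bytes");
        }
        $offset += $n;                  # a short write just means another pass
    }
    return ($offset, undef);
}

# Constructed demo: a payload larger than the sizes reported in the thread,
# sent over a local socketpair instead of a TLS connection.
socketpair(my $w, my $r, AF_UNIX, SOCK_STREAM, PF_UNSPEC)
    or die "socketpair: $!";
defined(my $pid = fork()) or die "fork: $!";
if ($pid == 0) {                        # child: drain the socket, count bytes
    close $w;
    my ($got, $tmp) = (0, '');
    while (my $n = sysread($r, $tmp, 4096)) { $got += $n }
    print "reader received $got bytes\n";
    exit 0;
}
close $r;
my $pdu = 'A' x 40_000;                 # constructed stand-in for $mesg->pdu
my ($sent, $err) = write_all($w, \$pdu, 15_000);
close $w;                               # EOF lets the reader finish
waitpid($pid, 0);
die "write failed: $err\n" if defined $err;
print "writer sent $sent bytes in chunks of at most 15000\n";
```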
| Peter Marschall 2007-06-10, 7:17 pm |
| Hi,
On Saturday, 2. June 2007 12:21, Vermeul Swen wrote:
> using smaller chunks of data solves the problem!
> Thank you very much! It solved the problem on both
> AD and OpenLDAP and sending smaller chunks of data
> seems generally to be a good idea.
After Swen's and Jozef Kutej's success report I committed
Graham's patch to SVN.
Out of curiosity:
Swen, Jozef,
do you - by chance - have figures how it impacts performance?
To the better or towards the worse?
Peter
--
Peter Marschall
peter@adpm.de
| |
| Swen Vermeul 2007-06-12, 7:16 pm |
| Hi Peter,
On 09.06.2007 at 20:22, Peter Marschall wrote:
> After Swen's and Jozef Kutej's success report I committed
> Graham's patch to SVN.
>
> Out of curiosity:
> Swen, Jozef,
> do you - by chance - have figures how it impacts performance?
> To the better or towards the worse?
as far as I know our users didn't feel any impact on performance.
Besides, we are happy enough that it works again ;-)
Swen
Swen Vermeul • vermeul@id.ethz.ch • +41 44 632 0770
| |