[prev in list] [next in list] [prev in thread] [next in thread] 

List:       perl-ldap-dev
Subject:    Net::LDAPS - problems with big entries
From:       Swen Vermeul <swen () ethz ! ch>
Date:       2007-05-30 16:38:24
Message-ID: 882F1C30-6894-4A6D-8DFE-26C604A4D329 () ethz ! ch
[Download RAW message or body]

Hi all,

when I try to add or update the "member"-attribute of a list  
(groupOfNames)
containing "many" (i.e. more than 300) members (dn's), the connection
hangs and the list is not being modified:

my $result = $ldap->modify( $list->dn, replace=> {member=> 
\@members} );  # hangs if there are "too many" members

- without encryption, the problem does *not* occur.
- I don't receive any error message. The connection just hangs until  
timeout.
- when I try to update the same list with less members, everything  
works fine.
- the SSL-connection itself works fine, I can do searches and updates  
without any problem
- working with start_tls instead of Net::LDAPS does not solve the  
problem

I use Perl v5.8.8 built for i686-linux-thread-multi and the latest
version of NET::LDAP (0.34) and the underlying modules  
IO::Socket::SSL (1.06),
Net::SSLeay (1.30). I also tried it with Perl, v5.8.6 built for  
darwin-thread-multi-2level
from an OSX machine but the problem remains.


Here is end of the debug output of a working example (292 members):
----------------------------------------------------------------
[...]
65 74 68 7A 2C 63 3D 63 68 04 37 63 6E 3D 7A 73 ethz,c=ch.7cn=zs
74 65 70 68 61 6E 2C 6F 75 3D 75 73 65 72 73 2C tephan,ou=users,
6F 75 3D 6E 65 74 68 7A 2C 6F 75 3D 69 64 2C 6F ou=nethz,ou=id,o
75 3D 61 75 74 68 2C 6F 3D 65 74 68 7A 2C 63 3D u=auth,o=ethz,c=
63 68 04 35 63 6E 3D 7A 63 61 72 6C 6F 2C 6F 75 ch.5cn=zcarlo,ou
3D 75 73 65 72 73 2C 6F 75 3D 6E 65 74 68 7A 2C =users,ou=nethz,
6F 75 3D 69 64 2C 6F 75 3D 61 75 74 68 2C 6F 3D ou=id,ou=auth,o=
65 74 68 7A 2C 63 3D 63 68 __ __ __ __ __ __ __ ethz,c=ch

Net::LDAPS=HASH(0x9a1b590) received:

30 0C 02 01 05 67 07 0A 01 00 04 00 04 00 __ __ 0....g........

Net::LDAPS=HASH(0x9a1b590) sending:

30 05 02 01 06 42 00 __ __ __ __ __ __ __ __ __ 0....B.
----------------------------------------------------------------


Here same example with just 1 more member (293 members):
----------------------------------------------------------------
[...]
65 74 68 7A 2C 63 3D 63 68 04 37 63 6E 3D 7A 73 ethz,c=ch.7cn=zs
74 65 70 68 61 6E 2C 6F 75 3D 75 73 65 72 73 2C tephan,ou=users,
6F 75 3D 6E 65 74 68 7A 2C 6F 75 3D 69 64 2C 6F ou=nethz,ou=id,o
75 3D 61 75 74 68 2C 6F 3D 65 74 68 7A 2C 63 3D u=auth,o=ethz,c=
63 68 04 35 63 6E 3D 7A 63 61 72 6C 6F 2C 6F 75 ch.5cn=zcarlo,ou
3D 75 73 65 72 73 2C 6F 75 3D 6E 65 74 68 7A 2C =users,ou=nethz,
6F 75 3D 69 64 2C 6F 75 3D 61 75 74 68 2C 6F 3D ou=id,ou=auth,o=
65 74 68 7A 2C 63 3D 63 68 04 36 63 6E 3D 7A 61 ethz,c=ch.6cn=za
62 6B 61 72 64 2C 6F 75 3D 75 73 65 72 73 2C 6F bkard,ou=users,o
75 3D 6E 65 74 68 7A 2C 6F 75 3D 69 64 2C 6F 75 u=nethz,ou=id,ou
3D 61 75 74 68 2C 6F 3D 65 74 68 7A 2C 63 3D 63 =auth,o=ethz,c=c
68 __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ h
(connection hangs)
----------------------------------------------------------------


Somehow there seems to be a problem with the length of data being  
transmitted.
We used the same code for years, without any problem, it stopped  
working about
two months ago. Maybe an update of Perl, a module or OpenSSL is  
causing the trouble?
Does anybody have any clue how to track this bug?


Cheers, Swen


[prev in list] [next in list] [prev in thread] [next in thread]