LDAP_SUCCESS on ldap_search_ext when host is unreachable

Clement
Hello,

I am working on switchover between LDAP servers and I have a problem when the host is unreachable. For information, I use old versions (LDAP SDK 5.1.5), but I have the same problem with LDAP SDK 6.0.7.

My test is simple: I create an iptables rule to drop packets to the first LDAP server and I query the server with ldap_search_ext. This function returns LDAP_SUCCESS while the server is unreachable.
In another test, I stop the LDAP service and ldap_search_ext returns 81, or "can't contact LDAP server".

So, my server doesn't execute the second search on the second server.

For information, my program tests the connection on start and creates a handle on the first server that connects. Every 3000 ms, I bind to my two servers to verify that they are still up.

Thanks,
Clement
_______________________________________________
dev-tech-ldap mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-ldap

Re: LDAP_SUCCESS on ldap_search_ext when host is unreachable

Mark Smith-3
On 10/7/13 6:06 AM, Clement wrote:

> Hello,
>
> I am working on switchover between LDAP servers and I have a problem
> when the host is unreachable. For information, I use old versions
> (LDAP SDK 5.1.5), but I have the same problem with LDAP SDK 6.0.7.
>
> My test is simple: I create an iptables rule to drop packets to the
> first LDAP server and I query the server with ldap_search_ext. This
> function returns LDAP_SUCCESS while the server is unreachable.
> In another test, I stop the LDAP service and ldap_search_ext returns 81,
> or "can't contact LDAP server".
>
> So, my server doesn't execute the second search on the second server.
>
> For information, my program tests the connection on start and creates
> a handle on the first server that connects. Every 3000 ms, I bind to
> my two servers to verify that they are still up.

I do not have any recent experience with client-based failover.  Maybe
someone else on this list does.

What platform is your client code running on?

Are you running over NSPR?

Does ldap_result() return an error after a server is taken down?

Have you traced through the LDAP C SDK code or enabled debugging to look
deeper at what is happening inside the ldap_search_ext() call?

What options or special configuration are you using?

--
Mark Smith
Pearl Crescent, LLC
http://pearlcrescent.com/

Re: LDAP_SUCCESS on ldap_search_ext when host is unreachable

Clement
In reply to this post by Clement
Hi,

For information, my platform is CentOS 4. My program performs the switchover when a request doesn't result in LDAP_SUCCESS. I'm not running over NSPR but use the library ldap50.so directly.

Look at this trace; I have added my own trace lines to show the call flow:

ldap_search_ext
put_filter "(& (|(identityAlias=e164:100161353485)(&(identityAlias=e164:100161354485)(!(incomingRouting=0)))) (objectClass=Identity) (!(inactive=1)))"
put_filter: AND
put_filter_list " (|(identityAlias=e164:100161353485)(&(identityAlias=e164:100161354485)(!(incomingRouting=0)))) (objectClass=Identity) (!(inactive=1))"
put_filter "(|(identityAlias=e164:100161353485)(&(identityAlias=e164:100161354485)(!(incomingRouting=0))))"
put_filter: OR
put_filter_list "(identityAlias=e164:100161353485)(&(identityAlias=e164:100161354485)(!(incomingRouting=0)))"
put_filter "(identityAlias=e164:100161353485)"
put_filter: simple
put_simple_filter "identityAlias=e164:100161353485"
put_filter "(&(identityAlias=e164:100161354485)(!(incomingRouting=0)))"
put_filter: AND
put_filter_list "(identityAlias=e164:100161354485)(!(incomingRouting=0))"
put_filter "(identityAlias=e164:100161354485)"
put_filter: simple
put_simple_filter "identityAlias=e164:100161354485"
put_filter "(!(incomingRouting=0))"
put_filter: NOT
put_filter_list "(incomingRouting=0)"
put_filter "(incomingRouting=0)"
put_filter: simple
put_simple_filter "incomingRouting=0"
put_filter "(objectClass=Identity)"
put_filter: simple
put_simple_filter "objectClass=Identity"
put_filter "(!(inactive=1))"
put_filter: NOT
put_filter_list "(inactive=1)"
put_filter "(inactive=1)"
put_filter: simple
put_simple_filter "inactive=1"
nsldapi_send_initial_request
nsldapi_send_server_request
        lc == NULL
        srvlist == NULL
        nsldapi_send_server_request: connection 0x8667cd0 - LDAP_CONNST_CONNECTING -> LDAP_CONNST_CONNECTED ELSE
        Not return before end of nsldapi_send_server_request in request.c
ldap_err2string
        CLEMENT : iLDAPResult == Success || 0 #ldap_search_ext return
ldap_result
nsldapi_result_nolock (msgid=-1, all=1)
=> check_response_queue (msgid=-1, all=1)
<= check_response_queue NOT FOUND
wait4msg (timeout 0 sec, 0 usec)
** Connections:
* 0x8667cd0 - host: 10.165.116.92  port: 389  secure: No  (default)
  refcnt: 3  pending: 0  status: Connected
  last used: Wed Oct  9 12:44:48 2013

** Outstanding Requests:
 * 0x8842418 - msgid 3,  origid 3, status InProgress
   outstanding referrals 0, parent count 0
 * 0x8833f90 - msgid 4,  origid 4, status InProgress
   outstanding referrals 0, parent count 0
** Response Queue:
   Empty
nsldapi_iostatus_poll
ldap_result = 0

I notice that the call flow goes to nsldapi_send_server_request and returns a msgid. So the different functions assume that it is LDAP_SUCCESS.


Finally, I use one option: LDAP_X_OPT_CONNECT_TIMEOUT = 1000

Thanks
Clement

Re: LDAP_SUCCESS on ldap_search_ext when host is unreachable

Clement
In reply to this post by Clement
I have a question about the ldap_search_ext result. What does LDAP_SUCCESS mean?
Does the function return LDAP_SUCCESS when the request was sent and an answer was received, or just when the request was sent?

Thanks
Clement

Re: LDAP_SUCCESS on ldap_search_ext when host is unreachable

Mark Smith-3
In reply to this post by Clement
On 10/14/13 4:02 AM, [hidden email] wrote:
> I have a question about the ldap_search_ext result. What does LDAP_SUCCESS mean?
> Does the function return LDAP_SUCCESS when the request was sent and an
> answer was received, or just when the request was sent?

It means the request was sent.  See:

http://www-archive.mozilla.org/directory/csdk-docs/using.htm#check_ldap_request_sent

However, "sent" may not mean what you think it should.  What it really
means is that the data has been accepted by the networking stack on the
sending computer.

To reliably detect failures of the TCP connection (I assume from your
previous post that this is one of your requirements), you may need to
call ldap_result().  Note that depending on the failure mode and various
configuration options, it can take a fairly long time for the TCP stack
to detect a loss of connectivity.

--
Mark Smith
Pearl Crescent, LLC
http://pearlcrescent.com/
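
The point made in the reply above, reproduced at the socket level: a successful send only means the local networking stack accepted the bytes, so only a bounded wait for the reply reveals a silent peer. This is an added example, not part of the original thread and not LDAP C SDK code; probe_server() and its loopback peer are constructed for illustration, and the poll() deadline stands in for calling ldap_result() with a timeout.

```c
#include <netinet/in.h>
#include <poll.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

enum probe { PROBE_ANSWERED, PROBE_TIMEOUT, PROBE_ERROR };

/* Constructed loopback peer, not LDAP C SDK code. Sends one request and
 * waits at most timeout_ms for a reply. server_replies == 0 models a peer
 * whose TCP connection is established but which never answers.
 * *sent_ok records what send() alone reported. */
enum probe probe_server(int server_replies, int timeout_ms, int *sent_ok)
{
    struct sockaddr_in addr = { .sin_family = AF_INET }; /* port 0: kernel picks */
    socklen_t len = sizeof addr;
    char buf[16];
    enum probe result = PROBE_ERROR;
    int ls = socket(AF_INET, SOCK_STREAM, 0), c = socket(AF_INET, SOCK_STREAM, 0);

    *sent_ok = 0;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (ls >= 0 && c >= 0 &&
        bind(ls, (struct sockaddr *)&addr, len) == 0 && listen(ls, 1) == 0 &&
        getsockname(ls, (struct sockaddr *)&addr, &len) == 0 &&
        connect(c, (struct sockaddr *)&addr, len) == 0) {
        /* Success here only means the local stack accepted the bytes. */
        *sent_ok = send(c, "search", 6, 0) == 6;
        if (server_replies) {
            int s = accept(ls, NULL, NULL);
            if (s >= 0 && recv(s, buf, sizeof buf, 0) > 0)
                send(s, "entry", 5, 0);
            if (s >= 0) close(s);
        }
        struct pollfd pfd = { .fd = c, .events = POLLIN };
        int n = poll(&pfd, 1, timeout_ms); /* bounded wait for the reply */
        if (n == 0) result = PROBE_TIMEOUT;
        else if (n > 0 && recv(c, buf, sizeof buf, 0) > 0) result = PROBE_ANSWERED;
    }
    if (c >= 0) close(c);
    if (ls >= 0) close(ls);
    return result;
}

int main(void)
{
    int sent, r = probe_server(0, 1000, &sent); /* silent peer, 1 s deadline */
    printf("silent peer: send ok=%d outcome=%d\n", sent, r);
    return r == PROBE_TIMEOUT ? 0 : 1;
}
```

For the silent peer the send is reported as successful and only the deadline exposes the failure, which is the condition a failover decision has to key on.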

Re: LDAP_SUCCESS on ldap_search_ext when host is unreachable

Clement
In reply to this post by Clement
Thanks for the information. Indeed, I see that it is the TCP stack that accepts the packet or not. If the host is unreachable, my program waits for a response, but if the LDAP server isn't started, TCP receives a TCP_RST and the ldap_search_ext result is LDAP_DOWN.

However, I don't know if it is a problem or not, but I have made a simple test.
If I initialize and make a search directly, my program waits some minutes before LDAP returns LDAP_DOWN.
On the other hand, if I initialize, bind to a host that is UP, and then apply an iptables rule to make the host down, when I call ldap_search_ext() I get LDAP_SUCCESS. The LDAP SDK considers that the host is connected and doesn't make a bind request.

With your information, I have called ldap_result() and, with a good timeout, I can see whether the host answers and can make a request to my second LDAP server. But another problem arises. I use ldap_search_ext() for asynchronous mode because I have one thread that sends requests and one thread that receives results, so in one situation (when the search has no result), the result is deleted by ldap_result() and my receive thread doesn't get the result.

Thanks
Clement