Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-68773

[openldap] ldapsearch nettimeout option is not respected

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done-Errata
    • Icon: Normal Normal
    • rhel-10.0
    • rhel-9.6, rhel-10.0
    • openldap
    • None
    • openldap-2.6.8-3.el10
    • No
    • Low
    • rhel-idm-ds
    • ssg_idm
    • 0
    • False
    • False
    • Hide

      None

      Show
      None
    • Yes
    • None
    • Bug Fix
    • Hide
      .`ldapsearch` now respects the `NETWORK_TIMEOUT` setting as expected

      Before this update, an `ldapsearch` command ignored the timeout when the server was unreachable and, as a consequence, the search hung indefinitely instead of timing out. With this update, the logic error in TLS handling was fixed by adjusting connection retries and socket options.

      As a consequence, the `ldapsearch` command no longer ignores the NETWORK_TIMEOUT setting and returns the following error when the timeout is reached:

      ----
        `ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)`.
      ----
      Show
      .`ldapsearch` now respects the `NETWORK_TIMEOUT` setting as expected Before this update, an `ldapsearch` command ignored the timeout when the server was unreachable and, as a consequence, the search hung indefinitely instead of timing out. With this update, the logic error in TLS handling was fixed by adjusting connection retries and socket options. As a consequence, the `ldapsearch` command no longer ignores the NETWORK_TIMEOUT setting and returns the following error when the timeout is reached: ----   `ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)`. ----
    • Done
    • None

      What were you trying to do that didn't work?

      We had BZ https://bugzilla.redhat.com/show_bug.cgi?id=1924679 that was auto-closed and upstream issue opened https://bugs.openldap.org/show_bug.cgi?id=8047

      The upstream issue was fixed recently.

      What is the impact of this issue to you?

      Please provide the package NVR for which the bug is seen:

      openldap-2.6.6-4.el9.x86_64

      openldap-2.6.7-7.el10.x86_64

      How reproducible is this bug?:

      Always

      Steps to reproduce

      1. Run /CoreOS/openldap/Sanity/openldap-use-non-blocking-tls
      2.  
      3.  

      Expected results

      Actual results

              spichugi@redhat.com Simon Pichugin
              bsmejkal@redhat.com Barbora Simonova
              IdM DS Dev IdM DS Dev
              Barbora Simonova Barbora Simonova
              Evgenia Martyniuk Evgenia Martyniuk
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

                Created:
                Updated:
                Resolved: