Bug#643948: [Fwd: Bug#643948: Doesn't occur when LDAP is unencrypted]

[Trent W. Buck]

Arthur de Jong wrote:
> I just now noticed that I did not send the attached message to you but
> only to the bug report.

I did get it, somehow.

> If you can reasonably reliably reproduce this, can you add the following
> to /etc/init.d/nslcd (around line 120, right before
> # start nslcd).

IIRC it was happening about one time in two.

Re your other comment this morning -- I'm running wheezy with stock
sysvinit/startpar, not systemd.  AFAIK systemd doesn't use LSB headers
at all; it has its own backwards-incompatible thing.  But, that's just
a guess.

> (date ; gdb -return-child-result -ex run -ex "thread apply all bt full"
> -ex "quit" --args ldapsearch -x -H ldaps://ldap/ -b YOURBASEDN'
> uid=YOURUID mail ) < /dev/null >> /var/log/nslcd.ldapsearch.boot.log
> 2>&1 &
> 
> (replace YOURBASEDN and YOURUID with appropriate values)
> 
> I'm wondering if this can help pinpoint the issue. If ldapsearch also
> bums out it shouldn't be a threading issue (and at least prove that it
> isn't something that nslcd is doing wrong).

I haven't gotten around to this yet :-(

> >   - stunnel4 on the clients, then plaintext ldap over that.
> >     (I'm already doing this for
> >     http://wiki.squid-cache.org/Features/HTTPS#Encrypted_browser-Squid_connection
> >     due to problems with chromium.)

At the time, I set this up, and it's been working for me so far.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnutls-maint/attachments/20140724/4e03dcab/attachment.sig>