Bug#486698: Authen::SASL::Cyrus produces bogus SIGPIPE

[Russ Allbery]

Wouter Verhelst <w at uter.be> writes:

> I've attached three files: one containing the output of the same script
> above, but with the Net::LDAP constructor having the extra options
> "debug => 15". This causes Net::LDAP to throw a lot of debugging output
> on stdout. The second is a pcap capture (captured with wireshark) of all
> the Kerberos and LDAP traffic going over the wire as the script runs.
> The final is the output of 'strace perl ./test.pl', but with the
> debugging option removed again (so as not to pollute the data with
> extraneous 'write' lines).

Okay, what this shows is that you successfully completed a GSSAPI
exchange, or at least the client thought it successfully completed the
exchange, the client sent the search, and the LDAP server told it to go
pound sand.  From the packet capture:

06:32:16.607174 IP country.nixsys.be.42746 > samba.grep.be.ldap: P 941:1099(158) ack 345 win 108 <nop,nop,timestamp 27361117 948824446>
06:32:16.608061 IP samba.grep.be.ldap > country.nixsys.be.42746: F 345:345(0) ack 1099 win 74 <nop,nop,timestamp 948824447 27361117>
06:32:16.608108 IP country.nixsys.be.42746 > samba.grep.be.ldap: P 1099:1573(474) ack 346 win 108 <nop,nop,timestamp 27361117 948824447>
06:32:16.608357 IP samba.grep.be.ldap > country.nixsys.be.42746: R 1321331696:1321331696(0) win 0

you can see that the LDAP server sent a FIN and a RSET.  So you're getting
a broken pipe error because indeed the LDAP server broke the pipe.

The next step is probably to look at the logs on the LDAP server.
Hopefully it will have logged why it abruptly closed the connection.  The
client at that point doesn't think there was anything wrong.

-- 
Russ Allbery (rra at debian.org)               <http://www.eyrie.org/~eagle/>