URL: https://github.com/SSSD/sssd/pull/67
Author: lslebodn
Title: #67: UTIL: Unset O_NONBLOCK for ldap connection
Action: opened

PR body: """ Before the commit 75e66c388862a4ba05afe0791c5503226395bad0, the flag O_NONBLOCK was set only for the connect syscall in request sssd_async_connect_send -> sssd_async_connect_send. Such a change was done for the secrets provider.
However, if ldap is compiled with gnutls it caused problems with start_tls and ldaps.

OpenLDAP Server log:
5810cf2f connection_get(23): got connid=1042
5810cf2f connection_read(23): checking for input on id=1042
TLS: error: accept - force handshake failure: errno 11 - moznss error -12234
TLS: can't accept: TLS error -12234:SSL received an unexpected Application Data record..
5810cf2f connection_read(23): TLS accept failure error=-1 id=1042, closing
5810cf2f connection_close: conn=1042 sd=23

sssd domain log:
[simple_bind_send] (0x0100): Executing simple bind as: uid=user1,dc=example,dc=com
[simple_bind_send] (0x2000): ldap simple bind sent, msgid = 2
[sdap_op_add] (0x2000): New operation 2 timeout 6
[sdap_process_result] (0x2000): Trace: sh[0x151c240], connected[1], ops[0x1515700], ldap[0x1511bd0]
[sdap_process_result] (0x2000): Trace: end of ldap_result list
[sdap_process_result] (0x2000): Trace: sh[0x151c240], connected[1], ops[0x1515700], ldap[0x1511bd0]
[sdap_process_result] (0x0040): ldap_result error: [Can't contact LDAP server]
[sdap_handle_release] (0x2000): Trace: sh[0x151c240], connected[1], ops[0x1515700], ldap[0x1511bd0], destructor_lock[0], release_memory[0]
[remove_connection_callback] (0x4000): Successfully removed connection callback.
[sdap_op_destructor] (0x1000): Abandoning operation 2
[dp_req_done] (0x0400): DP Request [PAM Authenticate #3]: Request handler finished [0]: Success
[_dp_req_recv] (0x0400): DP Request [PAM Authenticate #3]: Receiving request data.
[dp_req_destructor] (0x0400): DP Request [PAM Authenticate #3]: Request removed.
[dp_req_destructor] (0x0400): Number of active DP request: 0
[dp_method_enabled] (0x0400): Target selinux is not configured
[dp_pam_reply] (0x1000): DP Request [PAM Authenticate #3]: Sending result [4][LDAP]

Resolves: https://fedorahosted.org/sssd/ticket/3189 """

To pull the PR as Git branch:
    git remote add ghsssd https://github.com/SSSD/sssd
    git fetch ghsssd pull/67/head:pr67
    git checkout pr67
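
The pattern the PR description refers to, O_NONBLOCK set only around connect() and cleared again afterwards, shown as an added example. This is not SSSD's code; `set_nonblock`, `connect_with_timeout`, `demo` and the scratch socket path are hypothetical names chosen for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

/* Hypothetical helper: turn O_NONBLOCK on or off, preserving other flags. */
static int set_nonblock(int fd, int on)
{
    int fl = fcntl(fd, F_GETFL, 0);
    if (fl == -1) return -1;
    return fcntl(fd, F_SETFL, on ? (fl | O_NONBLOCK) : (fl & ~O_NONBLOCK));
}

/* Hypothetical helper: connect with a timeout, then return the socket to
 * blocking mode. Returns 0 on success, -1 with errno set on failure. */
int connect_with_timeout(int fd, const struct sockaddr *sa, socklen_t len, int ms)
{
    int err = 0, ret;
    socklen_t elen = sizeof(err);
    struct pollfd pfd = { .fd = fd, .events = POLLOUT };
    if (set_nonblock(fd, 1) == -1) return -1;
    if (connect(fd, sa, len) == -1 && (err = errno) == EINPROGRESS) {
        do { ret = poll(&pfd, 1, ms); } while (ret == -1 && errno == EINTR);
        if (ret <= 0) err = ret ? errno : ETIMEDOUT;
        else if (getsockopt(fd, SOL_SOCKET, SO_ERROR, &err, &elen) == -1) err = errno;
    }
    /* O_NONBLOCK was needed only for connect(): clear it on every path. */
    if (set_nonblock(fd, 0) == -1 && err == 0) err = errno;
    errno = err;
    return err ? -1 : 0;
}

/* Constructed demo on a local AF_UNIX listener: 1 if connected and blocking again. */
int demo(const char *path)
{
    struct sockaddr_un a = { .sun_family = AF_UNIX };
    int srv = socket(AF_UNIX, SOCK_STREAM, 0), cli = socket(AF_UNIX, SOCK_STREAM, 0);
    strncpy(a.sun_path, path, sizeof(a.sun_path) - 1);
    unlink(path);
    int ok = bind(srv, (struct sockaddr *)&a, sizeof(a)) == 0 && listen(srv, 1) == 0
          && connect_with_timeout(cli, (struct sockaddr *)&a, sizeof(a), 1000) == 0
          && (fcntl(cli, F_GETFL, 0) & O_NONBLOCK) == 0;
    close(cli); close(srv); unlink(path);
    return ok;
}
int main(void) { return demo("/tmp/nonblock-demo.sock") ? 0 : 1; }
```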