Failure to reconnect to ldaps server after idle_timeout
Alan DeKok
aland at deployingradius.com
Wed Mar 11 14:13:20 CET 2015
On Mar 10, 2015, at 8:22 PM, Matthew Newton <mcn4 at leicester.ac.uk> wrote:
> If it's a bug in an O/S that people are paying support for but
> it's not fixed then that should surely be s/NSS/RedHat/g ?
It’s a bug in how libldap uses NSS. Some of that is the NSS patch. Some of that is the libldap code.
Libldap has no “initialize library” function. As a result, any initialization is done by various ad-hoc heuristics. Libldap has no “close library” function. As a result, any cleanup is done by various ad-hoc heuristics. These heuristics can get things wrong, and can cause your program to crash.
This is a design requirement of libldap, according to the OpenLDAP / Symas people.
Alan DeKok.