<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 11/20/2014 12:03 PM,
<a class="moz-txt-link-abbreviated" href="mailto:dbischof@hrz.uni-kassel.de">dbischof@hrz.uni-kassel.de</a> wrote:<br>
</div>
<blockquote cite="mid:alpine.LSU.2.11.1411201152330.18310@fred"
type="cite">Hi,
<br>
<br>
On Thu, 20 Nov 2014, thierry bordaz wrote:
<br>
<br>
<blockquote type="cite">Server1 successfully replicated to
Server2, but Server2 fails to replicated to Server1.
<br>
<br>
The replication Server2->Server1 is done with kerberos
authentication. Server1 receives the replication session,
successfully identify the replication manager, start to receives
replication extop but suddenly closes the connection.
<br>
<br>
<br>
[19/Nov/2014:14:21:39 +0100] conn=2980 fd=78 slot=78
connection from
<br>
xxx to yyy
<br>
[19/Nov/2014:14:21:39 +0100] conn=2980 op=0 BIND dn=""
method=sasl
<br>
version=3 mech=GSSAPI
<br>
[19/Nov/2014:14:21:39 +0100] conn=2980 op=0 RESULT err=14
tag=97
<br>
nentries=0 etime=0, SASL bind in progress
<br>
[19/Nov/2014:14:21:39 +0100] conn=2980 op=1 BIND dn=""
method=sasl
<br>
version=3 mech=GSSAPI
<br>
[19/Nov/2014:14:21:39 +0100] conn=2980 op=1 RESULT err=14
tag=97
<br>
nentries=0 etime=0, SASL bind in progress
<br>
[19/Nov/2014:14:21:39 +0100] conn=2980 op=2 BIND dn=""
method=sasl
<br>
version=3 mech=GSSAPI
<br>
[19/Nov/2014:14:21:39 +0100] conn=2980 op=2 RESULT err=0
tag=97
<br>
nentries=0 etime=0 dn="krbprincipalname=xxx"
<br>
[19/Nov/2014:14:21:39 +0100] conn=2980 op=3 SRCH base=""
scope=0
<br>
filter="(objectClass=*)" attrs="supportedControl
supportedExtension"
<br>
[19/Nov/2014:14:21:39 +0100] conn=2980 op=3 RESULT err=0
tag=101
<br>
nentries=1 etime=0
<br>
[19/Nov/2014:14:21:39 +0100] conn=2980 op=4 SRCH base=""
scope=0
<br>
filter="(objectClass=*)" attrs="supportedControl
supportedExtension"
<br>
[19/Nov/2014:14:21:39 +0100] conn=2980 op=4 RESULT err=0
tag=101
<br>
nentries=1 etime=0
<br>
[19/Nov/2014:14:21:39 +0100] conn=2980 op=5 EXT
<br>
oid="2.16.840.1.113730.3.5.12"
name="replication-multimaster-extop"
<br>
[19/Nov/2014:14:21:39 +0100] conn=2980 op=5 RESULT err=0
tag=120
<br>
nentries=0 etime=0
<br>
[19/Nov/2014:14:21:39 +0100] conn=2980 op=6 SRCH
base="cn=schema"
<br>
scope=0 filter="(objectClass=*)" attrs="nsSchemaCSN"
<br>
[19/Nov/2014:14:21:39 +0100] conn=2980 op=6 RESULT err=0
tag=101
<br>
nentries=1 etime=0
<br>
[19/Nov/2014:14:21:39 +0100] conn=2980 op=-1 fd=78 closed -
I/O
<br>
function error.
<br>
<br>
The reason of this closure is logged in server1 error log.
sasl_decode fails to decode a received PDU.
<br>
<br>
[19/Nov/2014:14:21:39 +0100] - sasl_io_recv failed to decode
packet
<br>
for connection 2980
<br>
<br>
I do not know why it fails but I wonder if the received PDU is
not larger than the maximum configured value. The attribute
nsslapd-maxsasliosize is set to 2Mb by default. Would it be
possible to increase its value (5Mb) to see if it has an impact
<br>
<br>
[...]
<br>
</blockquote>
<br>
I set nsslapd-maxsasliosize to 6164480 on both machines, but the
problem remains.
<br>
<br>
<br>
Mit freundlichen Gruessen/With best regards,
<br>
<br>
--Daniel.
<br>
</blockquote>
<br>
<font face="Times New Roman, Times, serif">Hello Daniel,<br>
<br>
The sasl-decode fails but the exact returned value is not logged.
With standard version we may need to attach a debugger and then
set a conditional breakpoint in sasl-decode just after
conn->oparams.decode that will fire if result !=0. Now this can
change the dynamic and possibly prevent the problem to occur
again.<br>
The other option is to use an instrumented version to log this
value.<br>
<br>
thanks<br>
thierry<br>
<br>
<br>
</font>
</body>
</html>