during ipa testing on el7, this error was logged to /var/log/messages:
Jul 19 23:21:16 dhcp207-172 ns-slapd: encoded packet size too big (599441 > 65536)
This error should have been logged to the directory server errors log. We need to ensure that sasl error messages are handled correctly. We are setting SASL_CB_LOG in ids_sasl_callbacks in sasl_server_init, so I don't know why this error wasn't handled.
cyrus sasl implements a syslog default logging mechanism (common.c:_sasl_syslog). Likely this logging into /var/log/messages comes from this syslog. DS gives ids_sasl_log as the application callback for logging.
If sasl plugins logs with syslog that would means _sasl_getcallback (common.c) does not retrieve SASL_CB_LOG in the callback list. I do not know how it can happens. A possibility is if SASL_CB_LOG had a different value in DS and in sasl plugin.
Replying to [comment:2 tbordaz]:
cyrus sasl implements a syslog default logging mechanism (common.c:_sasl_syslog). Likely this logging into /var/log/messages comes from this syslog. DS gives ids_sasl_log as the application callback for logging. If sasl plugins logs with syslog that would means _sasl_getcallback (common.c) does not retrieve SASL_CB_LOG in the callback list. I do not know how it can happens. A possibility is if SASL_CB_LOG had a different value in DS and in sasl plugin.
Ah, ok. Then perhaps it is IPA that somehow overrides SASL_CB_LOG. I found this problem using IPA. I'm not sure if it can be reproduced without IPA.
Could this be still an issue?
We are setting ids_sasl_log, which logs a sasl error message (note: SASL_LOG_ERR only) into the dirsrv error log. {{{ 532 static sasl_callback_t ids_sasl_callbacks[] = 533 { ... 540 SASL_CB_LOG, 541 (IFP) ids_sasl_log, 542 NULL 543 }, ... 559 } }}}
The particular sasl message is an error log. Thus, it's supposed to be logged in the dirsrv error log. {{{ if (text->size > text->in_maxbuf) { text->utils->log(NULL, SASL_LOG_ERR, "encoded packet size too big (%d > %d)", text->size, text->in_maxbuf); return SASL_FAIL; } }}}
But I also could not find SASL_CB_LOG in the ipa code...
Per ticket triage, - attempt to reproduce with DS only by setting a low buffer size. Either close and open an IPA bug, or fix if it's a DS issue.
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1206305
Replying to [comment:10 mreynolds]:
Do we want to change the milestone to 1.3.5 backlog?
Per weekly meeting, set to 1.3.5 backlog.
Cannot reproduce the issue.
Closing the ticket for now.
Metadata Update from @nhosoi: - Issue assigned to mreynolds - Issue set to the milestone: 1.3.6 backlog
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/781
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: Invalid)
Login to comment on this ticket.