author | michen <none@none> | 2008-08-04 08:31:06 -0700 |
---|---|---|
committer | michen <none@none> | 2008-08-04 08:31:06 -0700 |
commit | 29836b1990ff03408750301a4ad20cfd233444b9 (patch) | |
tree | cad4bb13c53f1cbf598d1634dcdf83840525622d /usr/src | |
parent | 4bb0471c90a1b41593e55b18e3045fd3666c6841 (diff) | |
download | illumos-gate-29836b1990ff03408750301a4ad20cfd233444b9.tar.gz |
6699250 nscd core dumps in NIS do_getent
6716362 standalone ldaplist appears to hang when all servers are down
6728407 LDAP Core file got generated on NAS Appliance while trying to enable LDAP services
6731903 peruser nscd not functional when using libumem debugging
Diffstat (limited to 'usr/src')
-rw-r--r-- | usr/src/cmd/nscd/nscd_cfgdef.h | 13 | ||||
-rw-r--r-- | usr/src/cmd/nscd/nscd_config.h | 5 | ||||
-rw-r--r-- | usr/src/cmd/nscd/nscd_getentctx.c | 127 | ||||
-rw-r--r-- | usr/src/cmd/nscd/nscd_selfcred.c | 183 | ||||
-rw-r--r-- | usr/src/cmd/nscd/nscd_switch.c | 9 | ||||
-rw-r--r-- | usr/src/cmd/nscd/nscd_switch.h | 6 | ||||
-rw-r--r-- | usr/src/lib/libsldap/common/ns_common.c | 2 | ||||
-rw-r--r-- | usr/src/lib/libsldap/common/ns_config.c | 2 | ||||
-rw-r--r-- | usr/src/lib/libsldap/common/ns_connect.c | 11 | ||||
-rwxr-xr-x | usr/src/lib/libsldap/common/ns_connmgmt.c | 1 | ||||
-rw-r--r-- | usr/src/lib/libsldap/common/ns_standalone.c | 25 |
11 files changed, 223 insertions, 161 deletions
diff --git a/usr/src/cmd/nscd/nscd_cfgdef.h b/usr/src/cmd/nscd/nscd_cfgdef.h index 1f770a56b0..f503dfbfea 100644 --- a/usr/src/cmd/nscd/nscd_cfgdef.h +++ b/usr/src/cmd/nscd/nscd_cfgdef.h @@ -385,18 +385,6 @@ static nscd_cfg_param_desc_t _nscd_cfg_param_desc[] = { NSCD_CFG_FUNC_VERIFY_AS_GROUP), NSCD_CFG_PARAM_DESC( - "max-per-user-nscd", - NSCD_CFG_DATA_INTEGER, - NSCD_CFG_PFLAG_GLOBAL, - max_per_user_nscd, - nscd_cfg_global_selfcred_t, - sc, - nscd_cfg_global_data_t, - NULL, - NSCD_CFG_FUNC_NOTIFY_AS_GROUP, - NSCD_CFG_FUNC_VERIFY_AS_GROUP), - - NSCD_CFG_PARAM_DESC( "per-user-nscd-ttl", NSCD_CFG_DATA_INTEGER, NSCD_CFG_PFLAG_GLOBAL, @@ -792,7 +780,6 @@ static nscd_cfg_global_data_t nscd_cfg_global_default = { NSCD_CFG_GROUP_INFO_GLOBAL_SELFCRED, nscd_true, /* enable_selfcred */ - 1000, /* max_per_user_nscd */ 120, /* per_user_nscd_ttl: 120 seconds */ }, diff --git a/usr/src/cmd/nscd/nscd_config.h b/usr/src/cmd/nscd/nscd_config.h index ad81004083..d2c7135e40 100644 --- a/usr/src/cmd/nscd/nscd_config.h +++ b/usr/src/cmd/nscd/nscd_config.h @@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2007 Sun Microsystems, Inc. All rights reserved. + * Copyright 2008 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -365,11 +365,10 @@ typedef struct { /* * self credential param group (global) */ -#define NSCD_CFG_GROUP_INFO_GLOBAL_SELFCRED {3, 0x0007} +#define NSCD_CFG_GROUP_INFO_GLOBAL_SELFCRED {2, 0x0003} typedef struct { nscd_cfg_group_info_t gi; nscd_bool_t enable_selfcred; - int max_per_user_nscd; int per_user_nscd_ttl; } nscd_cfg_global_selfcred_t; diff --git a/usr/src/cmd/nscd/nscd_getentctx.c b/usr/src/cmd/nscd/nscd_getentctx.c index db2e16d684..023e8d7f1d 100644 --- a/usr/src/cmd/nscd/nscd_getentctx.c +++ b/usr/src/cmd/nscd/nscd_getentctx.c 
@@ -19,7 +19,7 @@ * CDDL HEADER END */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2008 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -102,7 +102,7 @@ _nscd_add_getent_ctx( nscd_cookie_num_t cookie_num) { int size; - char buf[2 * sizeof (cookie_num) + 1]; + char buf[32]; nscd_db_entry_t *db_entry; nscd_getent_ctx_t *gnctx; @@ -114,7 +114,7 @@ _nscd_add_getent_ctx( size = sizeof (*gnctx); db_entry = _nscd_alloc_db_entry(NSCD_DATA_CTX_ADDR, - (const char *)buf, size, 1, 1); + (const char *)buf, size, 1, 1); if (db_entry == NULL) return (NSCD_NO_MEMORY); @@ -124,7 +124,7 @@ _nscd_add_getent_ctx( (void) rw_wrlock(&getent_ctxDB_rwlock); (void) _nscd_add_db_entry(getent_ctxDB, buf, db_entry, - NSCD_ADD_DB_ENTRY_FIRST); + NSCD_ADD_DB_ENTRY_FIRST); (void) rw_unlock(&getent_ctxDB_rwlock); return (NSCD_SUCCESS); @@ -140,7 +140,7 @@ nscd_getent_context_t * _nscd_is_getent_ctx( nscd_cookie_num_t cookie_num) { - char ptrstr[1 + 2 * sizeof (cookie_num)]; + char ptrstr[32]; const nscd_db_entry_t *db_entry; nscd_getent_context_t *ret = NULL; @@ -149,7 +149,7 @@ _nscd_is_getent_ctx( (void) rw_rdlock(&getent_ctxDB_rwlock); db_entry = _nscd_get_db_entry(getent_ctxDB, NSCD_DATA_CTX_ADDR, - (const char *)ptrstr, NSCD_GET_FIRST_DB_ENTRY, 0); + (const char *)ptrstr, NSCD_GET_FIRST_DB_ENTRY, 0); if (db_entry != NULL) { nscd_getent_ctx_t *gnctx; 
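Review bot: The bare literal `32` now sizes `buf` in `_nscd_add_getent_ctx` and `ptrstr` in `_nscd_is_getent_ctx` and `_nscd_del_getent_ctx`, with nothing stating what it has to hold. The call that formats the cookie number into these buffers is outside the hunks, so whether it is bounded cannot be checked from here; if it prints the value in decimal, the old `2 * sizeof (cookie_num) + 1` sizing was presumably too small, which would explain the change. I would introduce one new named constant with a comment such as `/* decimal cookie number plus terminating NUL */` and use it in all three declarations. The formatting site should pass `sizeof (buf)` to a bounded call, so a later change to the cookie type cannot silently overrun the stack buffer.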
@@ -157,12 +157,19 @@ _nscd_is_getent_ctx( gnctx = (nscd_getent_ctx_t *)*(db_entry->data_array); /* - * If the ctx is not to be deleted and - * the cookie numbers match, return the ctx. + * If the ctx is not to be deleted and the cookie number + * match, return the ctx if not aborted and not in use, * Otherwise return NULL. */ - if (gnctx->to_delete == 0 && gnctx->cookie_num == cookie_num) + if (gnctx->to_delete == 0 && gnctx->cookie_num == cookie_num) { ret = gnctx->ptr; + (void) mutex_lock(&gnctx->ptr->getent_mutex); + if (ret->aborted == 1 || ret->in_use == 1) + ret = NULL; + else + ret->in_use = 1; + (void) mutex_unlock(&gnctx->ptr->getent_mutex); + } } (void) rw_unlock(&getent_ctxDB_rwlock); @@ -171,6 +178,34 @@ _nscd_is_getent_ctx( } /* + * FUNCTION: _nscd_free_ctx_if_aborted + * + * Check to see if the getent session associated with a getent context had + * been aborted. If so, return the getent context back to the pool. + */ +void +_nscd_free_ctx_if_aborted( + nscd_getent_context_t *ctx) +{ + int aborted; + char *me = "_nscd_free_ctx_if_aborted"; + + if (ctx->in_use != 1) + return; + + (void) mutex_lock(&ctx->getent_mutex); + aborted = ctx->aborted; + (void) mutex_unlock(&ctx->getent_mutex); + + if (aborted == 1) { + _NSCD_LOG(NSCD_LOG_GETENT_CTX, NSCD_LOG_LEVEL_DEBUG) + (me, "getent session aborted, return the getent context\n"); + _nscd_put_getent_ctx(ctx); + } + ctx->in_use = 0; +} + +/* * FUNCTION: _nscd_del_getent_ctx * * Delete a getent context from the internal getent context database. @@ -180,7 +215,7 @@ _nscd_del_getent_ctx( nscd_getent_context_t *ptr, nscd_cookie_num_t cookie_num) { - char ptrstr[1 + 2 * sizeof (cookie_num)]; + char ptrstr[32]; nscd_getent_ctx_t *gnctx; const nscd_db_entry_t *db_entry; 
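Review bot: In the new `_nscd_free_ctx_if_aborted`, `ctx->in_use` is tested before `getent_mutex` is taken and cleared after it is released, and the final `ctx->in_use = 0;` runs even when `_nscd_put_getent_ctx(ctx)` has just returned the context to the pool. `_nscd_put_getent_ctx` already clears the flag in its own hunk, so that last store could land on a context that `_nscd_get_getent_ctx` has since handed to another request and marked in use. The `reclaim_getent_ctx` hunk has the same pattern, setting `gctx->aborted = 1;` before the lock is taken, while `_nscd_is_getent_ctx` reads both flags under the lock. I would keep the test and the clear in one critical section and skip the store on the aborted path, as sketched below.

```c
void
_nscd_free_ctx_if_aborted(
	nscd_getent_context_t	*ctx)
{
	int	aborted;
	/* … unchanged: declaration of me … */

	(void) mutex_lock(&ctx->getent_mutex);
	if (ctx->in_use != 1) {
		(void) mutex_unlock(&ctx->getent_mutex);
		return;
	}
	aborted = ctx->aborted;
	/* release the context here only if it is not going back to the pool */
	if (aborted != 1)
		ctx->in_use = 0;
	(void) mutex_unlock(&ctx->getent_mutex);

	if (aborted == 1) {
		/* … unchanged: debug log … */
		/* _nscd_put_getent_ctx() resets aborted and in_use itself */
		_nscd_put_getent_ctx(ctx);
	}
}
```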
@@ -196,9 +231,9 @@ _nscd_del_getent_ctx( * the database. */ db_entry = _nscd_get_db_entry(getent_ctxDB, - NSCD_DATA_CTX_ADDR, - (const char *)ptrstr, - NSCD_GET_FIRST_DB_ENTRY, 0); + NSCD_DATA_CTX_ADDR, + (const char *)ptrstr, + NSCD_GET_FIRST_DB_ENTRY, 0); if (db_entry != NULL) { gnctx = (nscd_getent_ctx_t *)*(db_entry->data_array); if (gnctx->ptr == ptr && gnctx->cookie_num == cookie_num) { @@ -207,9 +242,9 @@ _nscd_del_getent_ctx( (void) rw_wrlock(&getent_ctxDB_rwlock); (void) _nscd_delete_db_entry(getent_ctxDB, - NSCD_DATA_CTX_ADDR, - (const char *)ptrstr, - NSCD_DEL_FIRST_DB_ENTRY, 0); + NSCD_DATA_CTX_ADDR, + (const char *)ptrstr, + NSCD_DEL_FIRST_DB_ENTRY, 0); } } (void) rw_unlock(&getent_ctxDB_rwlock); @@ -272,7 +307,7 @@ _nscd_free_all_getent_ctx_base() continue; nscd_getent_ctx_base[i] = (nscd_getent_ctx_base_t *) - _nscd_set((nscd_acc_data_t *)base, NULL); + _nscd_set((nscd_acc_data_t *)base, NULL); } (void) rw_unlock(&nscd_getent_ctx_base_lock); } @@ -296,6 +331,7 @@ _nscd_create_getent_ctx( gnctx->dbi = params->dbi; gnctx->cookie_num = _nscd_get_cookie_num(); gnctx->pid = -1; + (void) mutex_init(&gnctx->getent_mutex, USYNC_THREAD, NULL); if (_nscd_get_nsw_state(&db_root, params) != NSCD_SUCCESS) { free(gnctx); @@ -338,7 +374,7 @@ _nscd_get_getent_ctx( * available' signal. */ tmp = (nscd_getent_ctx_base_t *)_nscd_mutex_lock( - (nscd_acc_data_t *)base); + (nscd_acc_data_t *)base); assert(base == tmp); if (base->first == NULL) { if (base->num_getent_ctx == base->max_getent_ctx) { @@ -346,13 +382,13 @@ _nscd_get_getent_ctx( while (base->first == NULL) { _NSCD_LOG(NSCD_LOG_GETENT_CTX, - NSCD_LOG_LEVEL_DEBUG) + NSCD_LOG_LEVEL_DEBUG) (me, "waiting for signal\n"); _nscd_cond_wait((nscd_acc_data_t *)base, NULL); _NSCD_LOG(NSCD_LOG_GETENT_CTX, - NSCD_LOG_LEVEL_DEBUG) + NSCD_LOG_LEVEL_DEBUG) (me, "woke up\n"); } base->num_waiter--; 
@@ -365,7 +401,7 @@ _nscd_get_getent_ctx( /* not able to create an getent ctx */ _NSCD_LOG(NSCD_LOG_GETENT_CTX, - NSCD_LOG_LEVEL_ERROR) + NSCD_LOG_LEVEL_ERROR) (me, "create getent ctx failed\n"); _nscd_mutex_unlock((nscd_acc_data_t *)base); @@ -383,6 +419,7 @@ _nscd_get_getent_ctx( base->first = c->next; c->next = NULL; c->seq_num = 1; + c->in_use = 1; _NSCD_LOG(NSCD_LOG_GETENT_CTX, NSCD_LOG_LEVEL_DEBUG) (me, "got a getent ctx %p\n", c); @@ -444,11 +481,13 @@ _nscd_put_getent_ctx( _nscd_put_nsw_state(gnctx->nsw_state); gnctx->nsw_state = NULL; + gnctx->aborted = 0; + gnctx->in_use = 0; _nscd_del_getent_ctx(gnctx, gnctx->cookie_num); _NSCD_LOG(NSCD_LOG_GETENT_CTX, NSCD_LOG_LEVEL_DEBUG) (me, "ctx (%p, cookie # = %lld) removed from getent ctx DB\n", - gnctx, gnctx->cookie_num); + gnctx, gnctx->cookie_num); if (base->num_waiter > 0) { _NSCD_LOG(NSCD_LOG_GETENT_CTX, NSCD_LOG_LEVEL_DEBUG) @@ -472,10 +511,10 @@ _nscd_init_getent_ctx_base( (void) rw_rdlock(&nscd_getent_ctx_base_lock); base = (nscd_getent_ctx_base_t *)_nscd_alloc( - NSCD_DATA_GETENT_CTX_BASE, - sizeof (nscd_getent_ctx_base_t), - _nscd_free_getent_ctx_base, - NSCD_ALLOC_MUTEX | NSCD_ALLOC_COND); + NSCD_DATA_GETENT_CTX_BASE, + sizeof (nscd_getent_ctx_base_t), + _nscd_free_getent_ctx_base, + NSCD_ALLOC_MUTEX | NSCD_ALLOC_COND); if (base == NULL) { if (lock) @@ -491,9 +530,9 @@ _nscd_init_getent_ctx_base( base->dbi = dbi; base->max_getent_ctx = NSCD_SW_CFG(dbi).max_getent_ctx_per_db; nscd_getent_ctx_base[dbi] = - (nscd_getent_ctx_base_t *)_nscd_set( - (nscd_acc_data_t *)nscd_getent_ctx_base[dbi], - (nscd_acc_data_t *)base); + (nscd_getent_ctx_base_t *)_nscd_set( + (nscd_acc_data_t *)nscd_getent_ctx_base[dbi], + (nscd_acc_data_t *)base); if (lock) (void) rw_unlock(&nscd_getent_ctx_base_lock); 
@@ -534,7 +573,7 @@ _nscd_alloc_getent_ctx_base() (void) rw_wrlock(&nscd_getent_ctx_base_lock); nscd_getent_ctx_base = calloc(NSCD_NUM_DB, - sizeof (nscd_getent_ctx_base_t *)); + sizeof (nscd_getent_ctx_base_t *)); if (nscd_getent_ctx_base == NULL) { (void) rw_unlock(&nscd_getent_ctx_base_lock); return (NSCD_NO_MEMORY); @@ -582,7 +621,7 @@ reclaim_getent_ctx(void *arg) (void) rw_rdlock(&getent_ctxDB_rwlock); for (ep = _nscd_walk_db(getent_ctxDB, &cookie); ep != NULL; - ep = _nscd_walk_db(getent_ctxDB, &cookie)) { + ep = _nscd_walk_db(getent_ctxDB, &cookie)) { ctx = (nscd_getent_ctx_t *)*(ep->data_array); @@ -595,13 +634,13 @@ reclaim_getent_ctx(void *arg) if (gctx->pid != -1 && process_exited(gctx->pid)) { _NSCD_LOG(NSCD_LOG_GETENT_CTX, - NSCD_LOG_LEVEL_DEBUG) + NSCD_LOG_LEVEL_DEBUG) (me, "process %d exited, " - "getent context = %p, " - "db index = %d, cookie # = %lld, " - "sequence # = %lld\n", - gctx->pid, gctx, gctx->dbi, - gctx->cookie_num, gctx->seq_num); + "getent context = %p, " + "db index = %d, cookie # = %lld, " + "sequence # = %lld\n", + gctx->pid, gctx, gctx->dbi, + gctx->cookie_num, gctx->seq_num); if (first != NULL) { last->next = gctx; @@ -617,12 +656,20 @@ reclaim_getent_ctx(void *arg) /* - * return all the orphan getent contexts to the pool + * return all the orphan getent contexts to the pool if not + * in use */ for (gctx = first; gctx; ) { + int in_use; c = gctx->next; - gctx->next = NULL; - _nscd_put_getent_ctx(gctx); + gctx->aborted = 1; + (void) mutex_lock(&gctx->getent_mutex); + in_use = gctx->in_use; + (void) mutex_unlock(&gctx->getent_mutex); + if (in_use != 1) { + gctx->next = NULL; + _nscd_put_getent_ctx(gctx); + } gctx = c; } first = last = NULL; diff --git a/usr/src/cmd/nscd/nscd_selfcred.c b/usr/src/cmd/nscd/nscd_selfcred.c index 0150aad6b9..c56efbdea0 100644 --- a/usr/src/cmd/nscd/nscd_selfcred.c +++ b/usr/src/cmd/nscd/nscd_selfcred.c 
@@ -20,7 +20,7 @@ */ /* - * Copyright 2007 Sun Microsystems, Inc. All rights reserved. + * Copyright 2008 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -164,14 +164,14 @@ init_slot(int s) ch = child[s]; if ((ch->mutex = (mutex_t *)calloc(1, - sizeof (mutex_t))) == NULL) { + sizeof (mutex_t))) == NULL) { free(ch); return (-1); } (void) mutex_init(ch->mutex, USYNC_THREAD, NULL); if ((ch->cond = (cond_t *)calloc(1, - sizeof (cond_t))) == NULL) { + sizeof (cond_t))) == NULL) { free(ch->mutex); free(ch); return (-1); @@ -233,13 +233,13 @@ get_cslot( for (i = 0; i <= used_slot; i++) { ch = child[i]; if (ch->child_state >= CHILD_STATE_UIDKNOWN && - ch->child_uid == uid) { + ch->child_uid == uid) { ret = ch; (void) mutex_unlock(&child_lock); _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG) (me, "slot %d found with uid %d\n", - ret->child_slot, ret->child_uid); + ret->child_slot, ret->child_uid); return (ret); } @@ -264,7 +264,7 @@ get_cslot( return (ret); } (void) memcpy(tmp, child, sizeof (child_t) * - max_pu_nscd); + max_pu_nscd); free(child); child = tmp; max_pu_nscd = newmax; @@ -350,7 +350,7 @@ selfcred_kill( if (fd != -1) ret = _nscd_doorcall_fd(fd, NSCD_KILL, NULL, 0, - NULL, 0, NULL); + NULL, 0, NULL); else ret = _nscd_doorcall(NSCD_KILL); @@ -386,7 +386,7 @@ _nscd_kill_all_children() if (child[i]->child_state >= CHILD_STATE_PIDKNOWN) { _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG) (me, "killing child process %d (doorfd %d)\n", - child[i]->child_pid, child[i]->child_door); + child[i]->child_pid, child[i]->child_door); ret = selfcred_kill(child[i]->child_door); @@ -409,7 +409,7 @@ selfcred_pulse( (me, "start monitoring door %d\n", fd); ret = _nscd_doorcall_fd(fd, NSCD_PULSE |(_whoami & NSCD_WHOAMI), - NULL, 0, NULL, 0, NULL); + NULL, 0, NULL, 0, NULL); _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG) (me, "door (%d) monitor exited (rc = %d)\n", fd, ret); 
@@ -431,8 +431,8 @@ forker_monitor( (void) selfcred_pulse(forking_door); _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG) -(me, "forker (pid = %d) exited or crashed, killing all child processes\n", - fpid); + (me, "forker (pid = %d) exited or crashed, " + "killing all child processes\n", fpid); (void) mutex_lock(&forking_lock); forking_door = -1; @@ -524,7 +524,7 @@ _nscd_proc_iamhere( (me, "door_ucred failed: %s\n", strerror(errnum)); NSCD_RETURN_N2N_STATUS(phdr, NSS_NSCD_PRIV, errnum, - NSCD_DOOR_UCRED_ERROR); + NSCD_DOOR_UCRED_ERROR); } uid = ucred_geteuid(uc); @@ -541,7 +541,7 @@ _nscd_proc_iamhere( NSCD_SET_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0, - NSCD_SELF_CRED_MAIN_IMPOSTER); + NSCD_SELF_CRED_MAIN_IMPOSTER); } break; @@ -556,7 +556,7 @@ _nscd_proc_iamhere( NSCD_SET_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0, - NSCD_SELF_CRED_FORKER_IMPOSTER); + NSCD_SELF_CRED_FORKER_IMPOSTER); break; } @@ -564,18 +564,18 @@ _nscd_proc_iamhere( if (_whoami != NSCD_MAIN) { NSCD_SET_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0, - NSCD_SELF_CRED_WRONG_NSCD); + NSCD_SELF_CRED_WRONG_NSCD); break; } if (ucred_getpid(uc) != forker_pid) { _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG) - (me, "FORKER IMPOSTER CAUGHT: pid = %d should be %d\n", - ucred_getpid(uc), forker_pid); + (me, "FORKER IMPOSTER CAUGHT: pid = %d should be %d\n", + ucred_getpid(uc), forker_pid); NSCD_SET_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0, - NSCD_SELF_CRED_FORKER_IMPOSTER); + NSCD_SELF_CRED_FORKER_IMPOSTER); break; } @@ -585,13 +585,13 @@ _nscd_proc_iamhere( NSCD_SET_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0, - NSCD_SELF_CRED_NO_DOOR); + NSCD_SELF_CRED_NO_DOOR); break; } if ((dp->d_attributes & DOOR_DESCRIPTOR) && - dp->d_data.d_desc.d_descriptor > 0 && - dp->d_data.d_desc.d_id != 0) { + dp->d_data.d_desc.d_descriptor > 0 && + dp->d_data.d_desc.d_id != 0) { (void) mutex_lock(&forking_lock); if (forking_door != -1) (void) close(forking_door); 
@@ -609,7 +609,7 @@ _nscd_proc_iamhere( /* monitor the forker nscd */ (void) thr_create(NULL, 0, forker_monitor, NULL, - THR_DETACHED, NULL); + THR_DETACHED, NULL); break; @@ -620,7 +620,7 @@ _nscd_proc_iamhere( (me, "CHILD IMPOSTER CAUGHT!\n"); NSCD_SET_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0, - NSCD_SELF_CRED_CHILD_IMPOSTER); + NSCD_SELF_CRED_CHILD_IMPOSTER); break; } @@ -640,38 +640,38 @@ _nscd_proc_iamhere( (me, "bad slot number %d\n", cslot); NSCD_SET_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0, - NSCD_SELF_CRED_INVALID_SLOT_NUMBER); + NSCD_SELF_CRED_INVALID_SLOT_NUMBER); break; } if (uid != ch->child_uid) { _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG) (me, "CHILD IMPOSTER CAUGHT: uid = %d should be %d\n", - uid, ch->child_uid); + uid, ch->child_uid); NSCD_SET_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0, - NSCD_SELF_CRED_CHILD_IMPOSTER); + NSCD_SELF_CRED_CHILD_IMPOSTER); break; } if (ch->child_state != CHILD_STATE_UIDKNOWN && - ch->child_state != CHILD_STATE_FORKSENT) { + ch->child_state != CHILD_STATE_FORKSENT) { _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG) (me, "invalid slot/child state (%d) for uid %d\n", - ch->child_state, uid); + ch->child_state, uid); NSCD_SET_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0, - NSCD_SELF_CRED_INVALID_SLOT_STATE); + NSCD_SELF_CRED_INVALID_SLOT_STATE); break; } _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG) (me, "d_descriptor = %d, d_id = %lld\n", - dp->d_data.d_desc.d_descriptor, dp->d_data.d_desc.d_id); + dp->d_data.d_desc.d_descriptor, dp->d_data.d_desc.d_id); if ((dp->d_attributes & DOOR_DESCRIPTOR) && - dp->d_data.d_desc.d_descriptor > 0 && - dp->d_data.d_desc.d_id != 0) { + dp->d_data.d_desc.d_descriptor > 0 && + dp->d_data.d_desc.d_id != 0) { (void) mutex_lock(ch->mutex); if (ch->child_door != -1) (void) close(ch->child_door); 
@@ -680,7 +680,7 @@ _nscd_proc_iamhere( ch->child_state = CHILD_STATE_PIDKNOWN; _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG) (me, "child in slot %d has door %d\n", - cslot, ch->child_door); + cslot, ch->child_door); /* * let waiters know that the child is ready to @@ -691,7 +691,7 @@ _nscd_proc_iamhere( /* monitor the child nscd */ (void) thr_create(NULL, 0, child_monitor, - ch, THR_DETACHED, NULL); + ch, THR_DETACHED, NULL); NSCD_SET_STATUS_SUCCESS(phdr); break; } else { @@ -720,7 +720,7 @@ _nscd_proc_pulse( (me, "MAIN IMPOSTER CAUGHT! i am %d not NSCD_MAIN\n", iam); NSCD_RETURN_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0, - NSCD_SELF_CRED_MAIN_IMPOSTER); + NSCD_SELF_CRED_MAIN_IMPOSTER); } /* forker doesn't return stats, it just pauses */ @@ -752,7 +752,7 @@ _nscd_proc_pulse( last_active = activity; _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG) (me, "active, sleep again for %d seconds\n", - pu_nscd_ttl); + pu_nscd_ttl); } (void) mutex_unlock(&activity_lock); } @@ -785,11 +785,10 @@ _nscd_proc_fork( /* only main nscd sends fork requests */ if (iam != NSCD_MAIN) { _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG) - (me, "MAIN IMPOSTER CAUGHT! i am %d not NSCD_MAIN\n", - iam); + (me, "MAIN IMPOSTER CAUGHT! i am %d not NSCD_MAIN\n", iam); NSCD_RETURN_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0, - NSCD_SELF_CRED_MAIN_IMPOSTER); + NSCD_SELF_CRED_MAIN_IMPOSTER); } /* only forker handles fork requests */ @@ -798,7 +797,7 @@ _nscd_proc_fork( (me, "MAIN IMPOSTER CAUGHT! I AM NOT FORKER!\n"); NSCD_RETURN_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0, - NSCD_SELF_CRED_WRONG_NSCD); + NSCD_SELF_CRED_WRONG_NSCD); } /* fork a child for the slot assigned by the main nscd */ @@ -814,7 +813,7 @@ _nscd_proc_fork( (me, "bas slot number\n"); NSCD_RETURN_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0, - NSCD_SELF_CRED_INVALID_SLOT_NUMBER); + NSCD_SELF_CRED_INVALID_SLOT_NUMBER); } _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG) 
@@ -855,8 +854,8 @@ _nscd_proc_fork( ih.slot = slot; for (ret = NSS_ALTRETRY; ret == NSS_ALTRETRY; ) ret = _nscd_doorcall_sendfd(_doorfd, - NSCD_IMHERE | (NSCD_CHILD & NSCD_WHOAMI), - &ih, sizeof (ih), NULL); + NSCD_IMHERE | (NSCD_CHILD & NSCD_WHOAMI), + &ih, sizeof (ih), NULL); NSCD_RETURN_STATUS_SUCCESS(phdr); } if (cid == (pid_t)-1) { @@ -881,7 +880,7 @@ _nscd_proc_fork( _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG) (me, "child forked: parent pid = %d, child pid = %d\n", - getpid(), cid); + getpid(), cid); NSCD_SET_STATUS_SUCCESS(phdr); } @@ -906,31 +905,32 @@ selfcred_fork( /* if no door fd, do nothing */ if (doorfd == -1) { NSCD_SET_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0, - NSCD_SELF_CRED_NO_DOOR); + NSCD_SELF_CRED_NO_DOOR); } _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG) (me, "sending fork request to door %d for slot %d " - "(uid = %d, gid = %d)\n", doorfd, cslot, uid, gid); + "(uid = %d, gid = %d)\n", doorfd, cslot, uid, gid); f.slot = cslot; f.uid = uid; f.gid = gid; ret = _nscd_doorcall_fd(doorfd, NSCD_FORK|(_whoami&NSCD_WHOAMI), - &f, sizeof (f), NULL, 0, phdr); + &f, sizeof (f), NULL, 0, phdr); _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG) (me, "fork request sent to door %d for slot %d (rc = %d)\n", - doorfd, cslot, ret); + doorfd, cslot, ret); if (NSCD_STATUS_IS_NOT_OK(phdr)) { _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG) (me, "fork request sent to door %d for slot %d failed: " - "status = %d, errno = %s, nscd status = %d\n", doorfd, - cslot, NSCD_GET_STATUS(phdr), strerror(NSCD_GET_ERRNO(phdr)), - NSCD_GET_NSCD_STATUS(phdr)); + "status = %d, errno = %s, nscd status = %d\n", doorfd, + cslot, NSCD_GET_STATUS(phdr), + strerror(NSCD_GET_ERRNO(phdr)), + NSCD_GET_NSCD_STATUS(phdr)); } } @@ -957,7 +957,7 @@ _nscd_proc_alt_get( (me, "no door to talk to the forker\n"); NSCD_RETURN_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0, - NSCD_SELF_CRED_NO_FORKER); + NSCD_SELF_CRED_NO_FORKER); } /* get door client's credential information */ 
@@ -967,7 +967,7 @@ _nscd_proc_alt_get( (me, "door_ucred failed: %s\n", strerror(errnum)); NSCD_RETURN_N2N_STATUS(phdr, NSS_NSCD_PRIV, errnum, - NSCD_DOOR_UCRED_ERROR); + NSCD_DOOR_UCRED_ERROR); } /* get door client's effective uid and effective gid */ @@ -984,10 +984,10 @@ _nscd_proc_alt_get( _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG) (me, "no child slot available (child array = %p, slot = %d)\n", - child, ch->child_slot); + child, ch->child_slot); NSCD_RETURN_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0, - NSCD_SELF_CRED_NO_CHILD_SLOT); + NSCD_SELF_CRED_NO_CHILD_SLOT); } /* create the per user nscd if necessary */ @@ -1001,7 +1001,7 @@ _nscd_proc_alt_get( /* ask forker to fork a new child */ selfcred_fork(&phdr1, forking_door, ch->child_slot, - set2uid, set2gid); + set2uid, set2gid); if (NSCD_STATUS_IS_NOT_OK(&phdr1)) { (void) mutex_unlock(ch->mutex); NSCD_COPY_STATUS(phdr, &phdr1); @@ -1012,7 +1012,7 @@ _nscd_proc_alt_get( _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG) (me, "waiting for door (slot = %d, uid = %d, gid = %d)\n", - ch->child_slot, set2uid, set2gid); + ch->child_slot, set2uid, set2gid); /* wait for the per user nscd to become available */ while (ch->child_state == CHILD_STATE_FORKSENT) { @@ -1026,12 +1026,11 @@ _nscd_proc_alt_get( (me, "cond_reltimedwait %d seconds\n", ttl); err = cond_reltimedwait(ch->cond, ch->mutex, &to); if (err == ETIME) { - ch->child_state = - CHILD_STATE_UIDKNOWN; + ch->child_state = CHILD_STATE_UIDKNOWN; _NSCD_LOG(NSCD_LOG_SELF_CRED, - NSCD_LOG_LEVEL_DEBUG) + NSCD_LOG_LEVEL_DEBUG) (me, "door wait timedout (slot = %d)\n", - ch->child_slot); + ch->child_slot); break; } } 
@@ -1041,14 +1040,14 @@ _nscd_proc_alt_get( if (ch->child_state != CHILD_STATE_PIDKNOWN) { NSCD_RETURN_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0, - NSCD_SELF_CRED_INVALID_SLOT_STATE); + NSCD_SELF_CRED_INVALID_SLOT_STATE); } *door = ch->child_door; _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG) (me, "returning door %d for slot %d, uid %d, gid = %d\n", - *door, ch->child_slot, set2uid, set2gid); + *door, ch->child_slot, set2uid, set2gid); NSCD_RETURN_STATUS(phdr, NSS_ALTRETRY, 0); } @@ -1138,9 +1137,9 @@ _nscd_start_forker( rl.rlim_cur = rl.rlim_max = RLIM_INFINITY; if (setrlimit(RLIMIT_NOFILE, &rl) < 0) { _NSCD_LOG(NSCD_LOG_SELF_CRED, - NSCD_LOG_LEVEL_ERROR) + NSCD_LOG_LEVEL_ERROR) (me, "Cannot set open file limit: %s\n", - strerror(errno)); + strerror(errno)); exit(1); } @@ -1226,7 +1225,7 @@ _nscd_is_self_cred_on(int recheck, char **dblist) (void) get_ldap_funcs(ldap_sc_func, (void **)&ldap_func); if (ldap_func != NULL) { if (ldap_func(&ldap_config) == NS_LDAP_SUCCESS && - ldap_config != NS_LDAP_SELF_GSSAPI_CONFIG_NONE) + ldap_config != NS_LDAP_SELF_GSSAPI_CONFIG_NONE) ldap_on = 1; } @@ -1277,7 +1276,7 @@ _nscd_peruser_getadmin( (me, "door_ucred failed: %s\n", strerror(errnum)); NSCD_RETURN_N2N_STATUS(phdr, NSS_NSCD_PRIV, errnum, - NSCD_DOOR_UCRED_ERROR); + NSCD_DOOR_UCRED_ERROR); } /* get door client's effective uid */ @@ -1292,12 +1291,12 @@ _nscd_peruser_getadmin( ch = get_cslot(uid, 1); if (ch == NULL) { NSCD_RETURN_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0, - NSCD_SELF_CRED_NO_CHILD_SLOT); + NSCD_SELF_CRED_NO_CHILD_SLOT); } ret = _nscd_doorcall_fd(ch->child_door, NSCD_GETADMIN, - NULL, sizeof (nscd_admin_t), result_mn, - sizeof (nscd_admin_t), phdr); + NULL, sizeof (nscd_admin_t), result_mn, + sizeof (nscd_admin_t), phdr); if (ret == NSS_SUCCESS) { phdr->data_len = sizeof (nscd_admin_t); 
@@ -1311,20 +1310,22 @@ set_selfcred_cfg( void *data) { int64_t prop_int; + uint8_t prop_boolean; char *me = "set_selfcred_cfg"; - if (param == 'a' || param == 'e') { + if (param == 'e') { + prop_boolean = *(uint8_t *)data; pu_nscd_enabled = *(uint8_t *)get_smf_prop( - "enable_per_user_lookup", 'b', data); + "enable_per_user_lookup", 'b', &prop_boolean); _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG) (me, "self cred config: enabled = %d\n", pu_nscd_enabled); } - if (param == 'a' || param == 't') { + if (param == 't') { prop_int = *(int *)data; pu_nscd_ttl = *(int64_t *)get_smf_prop( - "per_user_nscd_time_to_live", 'i', &prop_int); + "per_user_nscd_time_to_live", 'i', &prop_int); _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG) (me, "self cred config: PUN TTL = %d\n", pu_nscd_ttl); @@ -1356,15 +1357,11 @@ _nscd_cfg_selfcred_notify( *sc_cfg = *(nscd_cfg_global_selfcred_t *)data; off = offsetof(nscd_cfg_global_selfcred_t, - enable_selfcred); + enable_selfcred); set_selfcred_cfg('e', (char *)data + off); off = offsetof(nscd_cfg_global_selfcred_t, - max_per_user_nscd); - set_selfcred_cfg('n', (char *)data + off); - - off = offsetof(nscd_cfg_global_selfcred_t, - per_user_nscd_ttl); + per_user_nscd_ttl); set_selfcred_cfg('t', (char *)data + off); return (NSCD_SUCCESS); @@ -1380,13 +1377,6 @@ _nscd_cfg_selfcred_notify( return (NSCD_SUCCESS); } - off = offsetof(nscd_cfg_global_selfcred_t, max_per_user_nscd); - if (pdesc->p_offset == off) { - sc_cfg->max_per_user_nscd = *(int *)data; - set_selfcred_cfg('n', data); - return (NSCD_SUCCESS); - } - off = offsetof(nscd_cfg_global_selfcred_t, per_user_nscd_ttl); if (pdesc->p_offset == off) { sc_cfg->per_user_nscd_ttl = *(int *)data; @@ -1462,7 +1452,7 @@ retry: (void) close(pfd); if (info.pr_pid != pid && - info.pr_uid == uid && info.pr_euid == euid) + info.pr_uid == uid && info.pr_euid == euid) return (0); else return (1); 
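Review bot: In `set_selfcred_cfg`, `prop_boolean = *(uint8_t *)data;` reads only the first byte of the `enable_selfcred` field, which `nscd_cfg_global_selfcred_t` declares as `nscd_bool_t`. That type's width is not visible in this diff; if it is wider than one byte, the first byte of a true value is zero on a big-endian machine, so the default passed to `get_smf_prop` would read as disabled whenever the SMF property is missing. Reading the field through its own type, `prop_boolean = (*(nscd_bool_t *)data == nscd_true);`, removes the dependence on byte order. The function body continues outside the hunk.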
@@ -1549,7 +1539,7 @@ static void * get_smf_prop(const char *var, char type, void *def_val) { scf_simple_prop_t *prop; - void *val = def_val; + void *val; char *me = "get_smf_prop"; prop = scf_simple_prop_get(NULL, NULL, "config", var); @@ -1557,14 +1547,14 @@ get_smf_prop(const char *var, char type, void *def_val) switch (type) { case 'b': val = scf_simple_prop_next_boolean(prop); + if (val != NULL) + (void) memcpy(def_val, val, sizeof (uint8_t)); break; case 'i': val = scf_simple_prop_next_integer(prop); - break; - - case 'c': - val = scf_simple_prop_next_count(prop); + if (val != NULL) + (void) memcpy(def_val, val, sizeof (int64_t)); break; } scf_simple_prop_free(prop); @@ -1583,16 +1573,15 @@ get_smf_prop(const char *var, char type, void *def_val) break; case 'i': - case 'c': (void) sprintf(vs, "%lld", *(int64_t *)def_val); break; } _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_ALERT) (me, "no value for config/%s (%s). " - "Using default \"%s\"\n", var, - scf_strerror(scf_error()), vs); + "Using default \"%s\"\n", var, + scf_strerror(scf_error()), vs); } - return (val); + return (def_val); } diff --git a/usr/src/cmd/nscd/nscd_switch.c b/usr/src/cmd/nscd/nscd_switch.c index 782cb20756..bab050e97f 100644 --- a/usr/src/cmd/nscd/nscd_switch.c +++ b/usr/src/cmd/nscd/nscd_switch.c @@ -1442,7 +1442,8 @@ nscd_map_contextp(void *buffer, nss_getent_t *contextp, if (ctx == NULL) { _NSCD_LOG(NSCD_LOG_SWITCH_ENGINE, NSCD_LOG_LEVEL_DEBUG) - (me, "invalid cookie # (%lld)\n", cookie->p1_cookie_num); + (me, "No matching context found (cookie number: %lld)\n", + cookie->p1_cookie_num); NSCD_RETURN_STATUS(pbuf, NSS_ERROR, EFAULT); } @@ -1453,6 +1454,7 @@ nscd_map_contextp(void *buffer, nss_getent_t *contextp, _NSCD_LOG(NSCD_LOG_SWITCH_ENGINE, NSCD_LOG_LEVEL_DEBUG) (me, "invalid sequence # (%lld)\n", cookie->p1_seqnum); + _nscd_free_ctx_if_aborted(ctx); NSCD_RETURN_STATUS(pbuf, NSS_ERROR, EFAULT); } 
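Review bot: `val` loses its initializer in `get_smf_prop`, and the `switch (type)` has no `default`, so a property that is found with a type other than `'b'` or `'i'` leaves `val` indeterminate. If the fallback test after `scf_simple_prop_free(prop)` still reads `val` (that line is outside the hunks), it reads an uninitialized pointer; `void *val = NULL;` gives it a defined value. The function now also writes through `def_val` and returns it, so the caller's buffer must be writable and at least `sizeof (int64_t)` for `'i'`. The header comment should state that, e.g. `/* def_val is in/out: it supplies the default, receives the SMF value, and must be large enough for the requested type */`.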
@@ -1643,6 +1645,9 @@ nss_pgetent(void *buffer, size_t length) status = nss_packed_context_init(buffer, length, NULL, &initf, &contextp, &arg); if (status != NSS_SUCCESS) { + clear_initf_key(); + _nscd_free_ctx_if_aborted( + (nscd_getent_context_t *)contextp->ctx); NSCD_RETURN_STATUS(pbuf, status, -1); } @@ -1662,6 +1667,8 @@ nss_pgetent(void *buffer, size_t length) (me, "getent OK, new sequence # = %lld, len = %lld," " data = >>%s<<\n", *seqnum_p, pbuf->data_len, (char *)buffer + pbuf->data_off); + + _nscd_free_ctx_if_aborted(ctx); } else { /* release the resources used */ ctx = (nscd_getent_context_t *)contextp->ctx; diff --git a/usr/src/cmd/nscd/nscd_switch.h b/usr/src/cmd/nscd/nscd_switch.h index eaca0d5e39..30763f0843 100644 --- a/usr/src/cmd/nscd/nscd_switch.h +++ b/usr/src/cmd/nscd/nscd_switch.h @@ -141,6 +141,9 @@ typedef struct nscd_getent_ctx_base { */ typedef struct nscd_getent_context { int dbi; + mutex_t getent_mutex; + int aborted; + int in_use; nscd_seq_num_t seq_num; nscd_cookie_num_t cookie_num; pid_t pid; /* door client's pid */ @@ -319,6 +322,9 @@ _nscd_get_getent_ctx( void _nscd_put_getent_ctx( nscd_getent_context_t *ctx); +void +_nscd_free_ctx_if_aborted( + nscd_getent_context_t *ctx); nscd_rc_t _nscd_init_all_nsw_config(); diff --git a/usr/src/lib/libsldap/common/ns_common.c b/usr/src/lib/libsldap/common/ns_common.c index 268393e50d..199691295a 100644 --- a/usr/src/lib/libsldap/common/ns_common.c +++ b/usr/src/lib/libsldap/common/ns_common.c @@ -2286,7 +2286,7 @@ __s_api_removeServer(const char *server) (void) __ns_ldap_freeError(&error); } - return (-1); + return (NS_CACHE_NOSERVER); } return (0); diff --git a/usr/src/lib/libsldap/common/ns_config.c b/usr/src/lib/libsldap/common/ns_config.c index b4d8d88fde..2046a46bad 100644 --- a/usr/src/lib/libsldap/common/ns_config.c +++ b/usr/src/lib/libsldap/common/ns_config.c 
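Review bot: On the `nss_packed_context_init` failure path in `nss_pgetent`, `contextp->ctx` is passed to `_nscd_free_ctx_if_aborted` without a NULL check, and that function dereferences `ctx->in_use` on its first line. One way for the init to fail appears to be `nscd_map_contextp` finding no context for the cookie number in the request, in which case no context would have been stored; how `contextp` is initialised is outside the hunk, so this needs confirming. If the pointer can be NULL here, a request carrying a stale or unknown cookie would take the daemon down instead of getting an error back. Guard the call with `if (contextp->ctx != NULL)`, or have `_nscd_free_ctx_if_aborted` return early when `ctx == NULL`.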
@@ -58,7 +58,7 @@ #include "ns_cache_door.h" #include "ns_connmgmt.h" -#pragma fini(__s_api_free_sessionPool, __s_api_shutdown_conn_mgmt, \ +#pragma fini(__s_api_shutdown_conn_mgmt, \ _free_config, __ns_ldap_doorfd_close) static mutex_t ns_parse_lock = DEFAULTMUTEX; diff --git a/usr/src/lib/libsldap/common/ns_connect.c b/usr/src/lib/libsldap/common/ns_connect.c index e935a186b5..67cdee702f 100644 --- a/usr/src/lib/libsldap/common/ns_connect.c +++ b/usr/src/lib/libsldap/common/ns_connect.c @@ -176,11 +176,18 @@ __s_api_requestServer(const char *request, const char *server, * from the local libsldap's list */ if (__s_api_isStandalone()) { - if (__s_api_findRootDSE(ireq, + if ((ret_code = __s_api_findRootDSE(ireq, server, addrType, ret, - error) != NS_LDAP_SUCCESS) { + error)) != NS_LDAP_SUCCESS) { + /* + * get first server from local list only once + * to prevent looping + */ + if (strcmp(ireq, NS_CACHE_NEW) != 0) + return (ret_code); + syslog(LOG_WARNING, "libsldap (\"standalone\" mode): " "can not find any available server. " diff --git a/usr/src/lib/libsldap/common/ns_connmgmt.c b/usr/src/lib/libsldap/common/ns_connmgmt.c index d0e1ca0332..1bacf7fdd8 100755 --- a/usr/src/lib/libsldap/common/ns_connmgmt.c +++ b/usr/src/lib/libsldap/common/ns_connmgmt.c @@ -777,6 +777,7 @@ release_conn_mgmt(ns_conn_mgmt_t *cmg, boolean_t unlock_cmg) if (unlock_cmg == B_TRUE) (void) mutex_unlock(&cmg->lock); free_conn_mgmt(cmg); + __s_api_free_sessionPool(); return (NULL); } else { syslog(LOG_WARNING, diff --git a/usr/src/lib/libsldap/common/ns_standalone.c b/usr/src/lib/libsldap/common/ns_standalone.c index 74f6ded348..439686dab0 100644 --- a/usr/src/lib/libsldap/common/ns_standalone.c +++ b/usr/src/lib/libsldap/common/ns_standalone.c 
@@ -1112,6 +1112,7 @@ __ns_ldap_getConnectionInfoFromDUA(const ns_dir_server_t *server, Connection *session = NULL; char errmsg[MAXERROR]; char buffer[NSS_BUFLEN_HOSTS]; + ns_conn_user_t *cu = NULL; if (errorp == NULL) { __s_api_destroy_config(config_struct); @@ -1194,6 +1195,11 @@ __ns_ldap_getConnectionInfoFromDUA(const ns_dir_server_t *server, __s_api_setInitMode(); + cu = __s_api_conn_user_init(NS_CONN_USER_SEARCH, NULL, B_FALSE); + if (cu == NULL) { + return (NS_LDAP_INTERNAL); + } + if ((ret_code = __s_api_getConnection(serverAddr, NS_LDAP_NEW_CONN, cred ? cred : &default_cred, @@ -1202,7 +1208,8 @@ __ns_ldap_getConnectionInfoFromDUA(const ns_dir_server_t *server, errorp, 0, 0, - NULL)) != NS_LDAP_SUCCESS) { + cu)) != NS_LDAP_SUCCESS) { + __s_api_conn_user_free(cu); __s_api_unsetInitMode(); return (ret_code); } @@ -1225,6 +1232,7 @@ __ns_ldap_getConnectionInfoFromDUA(const ns_dir_server_t *server, ret_code, strdup(errmsg), NS_LDAP_MEMORY); + __s_api_conn_user_free(cu); DropConnection(sessionId, NS_LDAP_NEW_CONN); return (ret_code); } @@ -1249,6 +1257,7 @@ __ns_ldap_getConnectionInfoFromDUA(const ns_dir_server_t *server, ret_code, strdup(errmsg), NS_LDAP_MEMORY); + __s_api_conn_user_free(cu); DropConnection(sessionId, NS_LDAP_NEW_CONN); return (ret_code); } @@ -1265,6 +1274,7 @@ __ns_ldap_getConnectionInfoFromDUA(const ns_dir_server_t *server, free(duaProfile); } + __s_api_conn_user_free(cu); DropConnection(sessionId, NS_LDAP_NEW_CONN); return (NS_LDAP_SUCCESS); @@ -1302,6 +1312,7 @@ __ns_ldap_getRootDSE(const char *server_addr, void **paramVal = NULL; ns_cred_t anon; + ns_conn_user_t *cu = NULL; if (errorp == NULL) { return (NS_LDAP_INVALID_PARAM); @@ -1319,6 +1330,11 @@ __ns_ldap_getRootDSE(const char *server_addr, __s_api_setInitMode(); + cu = __s_api_conn_user_init(NS_CONN_USER_SEARCH, NULL, B_FALSE); + if (cu == NULL) { + return (NS_LDAP_INTERNAL); + } + /* * All the credentials will be taken from the current * libsldap configuration. 
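Review bot: The new `if (cu == NULL) { return (NS_LDAP_INTERNAL); }` in `__ns_ldap_getConnectionInfoFromDUA` returns after `__s_api_setInitMode()` without calling `__s_api_unsetInitMode()`, although the `__s_api_getConnection` failure path just below it does call it. The same early return is added in `__ns_ldap_getRootDSE`. Unless init mode is meant to stay set after a failure, add `__s_api_unsetInitMode();` before both returns, or allocate `cu` before `__s_api_setInitMode()`. Whether `config_struct` also has to be released on this path cannot be seen from the hunk.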
@@ -1331,7 +1347,7 @@ __ns_ldap_getRootDSE(const char *server_addr, errorp, 0, 0, - NULL)) != NS_LDAP_SUCCESS) { + cu)) != NS_LDAP_SUCCESS) { /* Fallback to anonymous mode is disabled. Stop. */ if (anon_fallback == 0) { syslog(LOG_WARNING, @@ -1377,9 +1393,10 @@ __ns_ldap_getRootDSE(const char *server_addr, errorp, 0, 0, - NULL); + cu); if (ret_code != NS_LDAP_SUCCESS) { + __s_api_conn_user_free(cu); __s_api_unsetInitMode(); return (ret_code); } @@ -1435,8 +1452,10 @@ __ns_ldap_getRootDSE(const char *server_addr, resultMsg = NULL; } + __s_api_conn_user_free(cu); return (NS_LDAP_OP_FAILED); } + __s_api_conn_user_free(cu); ret_code = convert_to_door_line(session->ld, resultMsg, |
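Review bot: The first `__s_api_getConnection` call in `__ns_ldap_getRootDSE` now receives `cu`, but the branch right after it, `if (anon_fallback == 0)`, gets no matching `__s_api_conn_user_free(cu)`. Its return statement is outside the hunk and the diff adds no line there, so `cu` appears to leak whenever the connection fails with anonymous fallback disabled. Add `__s_api_conn_user_free(cu);` before that return, as the later failure paths in this function do.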