OpenLDAP crash on write operation with syncprov overlay enabled
by Alexandre Biancalana
Hi list,
I'm migration an OpenLDAP server from Debian linux to FreeBSD 6-STABLE.
I exported the database from old server with slapcat and impoted at Free
without any problems. But when I enable syncprov overlay and do any write
operation (ie.: ldapmodify) on the base the OpenLDAP crash with signal 11.
I tested with FreeBSD 6-STABLE (cvsuped sources yesterday), FreeBSD
5-STABLE (cvsuped one month ago) with OpenLDAP 2.3 and 2.4 installed through
ports and packages, on diferent machines PIII SMP, Semprom UP, Centrino UP,
P4 UP. The problem just ocurs when the syncprov overlay is enabled.
Trying to debug this I run slapd through gdb:
Pink:/usr/local/etc/openldap # gdb /usr/local/libexec/slapd
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd"...(no debugging symbols
found)...
(gdb) run -u ldap -g ldap -d 1
Starting program: /usr/local/libexec/slapd -u ldap -g ldap -d 1
(no debugging symbols found)...(no debugging symbols found)...(no debugging
symbols found)...(no debugging symbols found)...(no debugging symbols
found)...(no debugging symbols found)...(no debugging symbols found)...(no
debugging symbols found)...(no debugging symbols found)...(no debugging
symbols found)...(no debugging symbols found)...(no debugging symbols
found)...@(#) $OpenLDAP: slapd 2.3.30 (Nov 30 2006 11:44:46) $
.(no debugging symbols found)...(no debugging symbols found)...(no debugging
symbols found)...(no debugging symbols found)...(no debugging symbols
found)...(no debugging symbols found)...(no debugging symbols found)...(no
debugging symbols found)...@(#) $OpenLDAP: slapd 2.3.30 (Nov 30 2006
11:44:46) $
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 3 (LWP 100229)]
0x0807f954 in fe_op_abandon ()
(gdb) bt
#0 0x0807f954 in fe_op_abandon ()
#1 0x0807f957 in fe_op_abandon ()
#2 0x0807f957 in fe_op_abandon ()
#3 0x0807f957 in fe_op_abandon ()
#4 0x0807f957 in fe_op_abandon ()
#5 0x0807f957 in fe_op_abandon ()
#6 0x0807f957 in fe_op_abandon ()
#7 0x0807f957 in fe_op_abandon ()
#8 0x0807f957 in fe_op_abandon ()
#9 0x0807f957 in fe_op_abandon ()
#10 0x0807f957 in fe_op_abandon ()
#11 0x0807f957 in fe_op_abandon ()
#12 0x0807f957 in fe_op_abandon ()
#13 0x0807f957 in fe_op_abandon ()
#14 0x0807f957 in fe_op_abandon ()
#15 0x0807f957 in fe_op_abandon ()
#16 0x0807f957 in fe_op_abandon ()
#17 0x0807f957 in fe_op_abandon ()
#18 0x0807f957 in fe_op_abandon ()
#19 0x0807f957 in fe_op_abandon ()
#20 0x0807f957 in fe_op_abandon ()
#21 0x0807f957 in fe_op_abandon ()
#22 0x0807f957 in fe_op_abandon ()
#23 0x0807f957 in fe_op_abandon ()
#24 0x0807f957 in fe_op_abandon ()
#25 0x0807f957 in fe_op_abandon ()
#26 0x0807f957 in fe_op_abandon ()
#27 0x0807f957 in fe_op_abandon ()
#28 0x0807f957 in fe_op_abandon ()
....
#29406 0x0807f957 in fe_op_abandon ()
#29407 0x0807f957 in fe_op_abandon ()
#29408 0x0807f957 in fe_op_abandon ()
^^^^^^^^^ ---> This look's like never end.....
Follow my slapd.conf:
============================
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/samba.schema
loglevel 1 8 16 256 512 16384
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
modulepath /usr/local/libexec/openldap
moduleload back_hdb
sizelimit unlimited
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 200
access to dn.base=""
by self write
by * auth
access to attrs=userPassword
by self write
by * auth
access to attrs=shadowLastChange
by self write
by * read
access to *
by * read
by anonymous auth
database hdb
suffix "dc=company,dc=com"
rootdn "cn=root,dc=company,dc=com"
rootpw my_secret_password
directory /var/db/openldap-data
index objectClass eq
index cn pres,sub,eq
index sn pres,sub,eq
index uid pres,sub,eq
index displayName pres,sub,eq
index uidNumber eq
index gidNumber eq
index memberUID eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index default sub
index entryCSN eq
index entryUUID eq
I'm very pleased to someone that could help me to figure out where is the
problem....
Best Regards,
Alexandre Biancalana
16 years, 6 months
Re: (ITS#4764) ditStructureRules/dITStructureRules typo error?
by Kurt@OpenLDAP.org
At 11:59 PM 11/30/2006, wanggang.wang(a)gmail.com wrote:
>------=_Part_1103_3773705.1164959961858
>Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>Content-Transfer-Encoding: 7bit
>Content-Disposition: inline
>
>oh, not compiler. but at runtime the daemon will output this during
>initialization:
>...
>slap_schema_load: AttributeType "ditStructureRules": not defined in schema
>...
>I tested this on some mainframe. case difference does matter. when i changed
>the case, it ran ok.
Seems like strcasecmp(3) routines are not ignoring case as they should.
>On 12/1/06, Kurt D. Zeilenga <Kurt(a)openldap.org> wrote:
>>
>> At 10:32 PM 11/30/2006, wanggang.wang(a)gmail.com wrote:
>> >Full_Name: Gang Wang
>> >Version: 2.3.20
>> >OS:
>> >URL: ftp://ftp.openldap.org/incoming/
>> >Submission from: (NULL) (202.108.130.138)
>> >
>> >
>> >openldap-2.3.20/servers/slapd/schema_prep.c Line 370
>> >
>> > "MAY ( dITStructureRules $ nameForms $ ditContentRules $ "
>> > { "ditStructureRules", "( 2.5.21.1 NAME 'dITStructureRules' "
>> > { "ditContentRules", "( 2.5.21.2 NAME 'dITContentRules' "
>> >
>> >there are some "dIT" in the strings instead of "dit". is it some kind of
>> typo
>> >error? I'm porting this version to some operating system. the compiler
>> complains
>> >...
>>
>> About the case difference in these strings? I doubt that.
>>
>> Kurt
>>
>>
>
>------=_Part_1103_3773705.1164959961858
>Content-Type: text/html; charset=ISO-8859-1
>Content-Transfer-Encoding: 7bit
>Content-Disposition: inline
>
>oh, not compiler. but at runtime the daemon will output this during initialization:<br>...<br>slap_schema_load: AttributeType "ditStructureRules": not defined in schema<br>...<br>I tested this on some mainframe. case difference does matter. when i changed the case, it ran ok.
><br><br><div><span class="gmail_quote">On 12/1/06, <b class="gmail_sendername">Kurt D. Zeilenga</b> <<a href="mailto:Kurt@openldap.org">Kurt(a)openldap.org</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
>At 10:32 PM 11/30/2006, <a href="mailto:wanggang.wang@gmail.com">wanggang.wang(a)gmail.com</a> wrote:<br>>Full_Name: Gang Wang<br>>Version: 2.3.20<br>>OS:<br>>URL: <a href="ftp://ftp.openldap.org/incoming/">ftp://ftp.openldap.org/incoming/
></a><br>>Submission from: (NULL) (<a href="http://202.108.130.138">202.108.130.138</a>)<br>><br>><br>>openldap-2.3.20/servers/slapd/schema_prep.c Line 370<br>><br>> "MAY ( dITStructureRules $ nameForms $ ditContentRules $ "
><br>> { "ditStructureRules", "( <a href="http://2.5.21.1">2.5.21.1</a> NAME 'dITStructureRules' "<br>> { "ditContentRules", "( <a href="http://2.5.21.2">2.5.21.2</a> NAME 'dITContentRules' "
><br>><br>>there are some "dIT" in the strings instead of "dit". is it some kind of typo<br>>error? I'm porting this version to some operating system. the compiler complains<br>>...<br><br>
>About the case difference in these strings? I doubt that.<br><br>Kurt<br><br></blockquote></div>
>
>------=_Part_1103_3773705.1164959961858--
16 years, 6 months
Re: (ITS#4765) sd_actives in daemon.c not initialized?
by hyc@symas.com
Gang Wang wrote:
> Yes. but funny that you invoked FD_ZERO() for sd_readers and sd_writers.
> You are assuming the semantics of FD_ZERO() is to "set something as
> zero", but on some system it is not. For example, implement fd_set as an
> array, then 0 is a valid value. FD_ZERO() have to initialize something
> as -1 ...
> Funny that the code treat sd_actives differently.
That's a different question than you asked at first.
> BTW, I know C spec well.
Then you should know your original question has no dependency on the
compiler being used. Rather than waste people's time, you should ask
your actual question at the outset, not some meaningless one.
>
> On 12/1/06, *Howard Chu* <hyc(a)symas.com <mailto:hyc@symas.com>> wrote:
>
> wanggang.wang(a)gmail.com <mailto:wanggang.wang@gmail.com> wrote:
> > Full_Name: Gang Wang
> > Version: 2.3.20
> > OS:
> > URL: ftp://ftp.openldap.org/incoming/
> > Submission from: (NULL) ( 202.108.130.138 <http://202.108.130.138>)
> >
> >
> > openldap-2.3.20/servers/slapd/daemon.c
> >
> > There is one declaration in slap_daemon structure:
> >
> > fd_set sd_actives;
> >
> > this variable is not initialized ... is this OK with all compilers?
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/
16 years, 6 months
Re: (ITS#4765) sd_actives in daemon.c not initialized?
by wanggang.wang@gmail.com
------=_Part_1433_15850837.1164961653601
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Yes. but funny that you invoked FD_ZERO() for sd_readers and sd_writers. You
are assuming the semantics of FD_ZERO() is to "set something as zero", but
on some system it is not. For example, implement fd_set as an array, then 0
is a valid value. FD_ZERO() have to initialize something as -1 ...
Funny that the code treat sd_actives differently.
BTW, I know C spec well.
On 12/1/06, Howard Chu <hyc(a)symas.com> wrote:
>
> wanggang.wang(a)gmail.com wrote:
> > Full_Name: Gang Wang
> > Version: 2.3.20
> > OS:
> > URL: ftp://ftp.openldap.org/incoming/
> > Submission from: (NULL) (202.108.130.138)
> >
> >
> > openldap-2.3.20/servers/slapd/daemon.c
> >
> > There is one declaration in slap_daemon structure:
> >
> > fd_set sd_actives;
> >
> > this variable is not initialized ... is this OK with all compilers?
>
> It is a basic part of the C language specification - variables declared
> at file scope are implicitly initialized to zero. Perhaps you need to
> study the language a bit more before trying to do any more work in it.
>
> --
> -- Howard Chu
> Chief Architect, Symas Corp. http://www.symas.com
> Director, Highland Sun http://highlandsun.com/hyc
> OpenLDAP Core Team http://www.openldap.org/project/
>
------=_Part_1433_15850837.1164961653601
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Yes. but funny that you invoked FD_ZERO() for sd_readers and sd_writers. You are assuming the semantics of FD_ZERO() is to "set something as zero", but on some system it is not. For example, implement fd_set as an array, then 0 is a valid value. FD_ZERO() have to initialize something as -1 ...
<br>Funny that the code treat sd_actives differently.<br><br>BTW, I know C spec well.<br><br><div><span class="gmail_quote">On 12/1/06, <b class="gmail_sendername">Howard Chu</b> <<a href="mailto:hyc@symas.com">hyc(a)symas.com
</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><a href="mailto:wanggang.wang@gmail.com">wanggang.wang(a)gmail.com</a> wrote:
<br>> Full_Name: Gang Wang<br>> Version: 2.3.20<br>> OS:<br>> URL: <a href="ftp://ftp.openldap.org/incoming/">ftp://ftp.openldap.org/incoming/</a><br>> Submission from: (NULL) (<a href="http://202.108.130.138">
202.108.130.138</a>)<br>><br>><br>> openldap-2.3.20/servers/slapd/daemon.c<br>><br>> There is one declaration in slap_daemon structure:<br>><br>> fd_set sd_actives;<br>><br>> this variable is not initialized ... is this OK with all compilers?
<br><br>It is a basic part of the C language specification - variables declared<br>at file scope are implicitly initialized to zero. Perhaps you need to<br>study the language a bit more before trying to do any more work in it.
<br><br>--<br> -- Howard Chu<br> Chief Architect, Symas Corp. <a href="http://www.symas.com">http://www.symas.com</a><br> Director, Highland Sun <a href="http://highlandsun.com/hyc">http://highlandsun.com/hyc
</a><br> OpenLDAP Core Team <a href="http://www.openldap.org/project/">http://www.openldap.org/project/</a><br></blockquote></div><br>
------=_Part_1433_15850837.1164961653601--
16 years, 6 months
Re: (ITS#4764) ditStructureRules/dITStructureRules typo error?
by wanggang.wang@gmail.com
------=_Part_1103_3773705.1164959961858
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
oh, not compiler. but at runtime the daemon will output this during
initialization:
...
slap_schema_load: AttributeType "ditStructureRules": not defined in schema
...
I tested this on some mainframe. case difference does matter. when i changed
the case, it ran ok.
On 12/1/06, Kurt D. Zeilenga <Kurt(a)openldap.org> wrote:
>
> At 10:32 PM 11/30/2006, wanggang.wang(a)gmail.com wrote:
> >Full_Name: Gang Wang
> >Version: 2.3.20
> >OS:
> >URL: ftp://ftp.openldap.org/incoming/
> >Submission from: (NULL) (202.108.130.138)
> >
> >
> >openldap-2.3.20/servers/slapd/schema_prep.c Line 370
> >
> > "MAY ( dITStructureRules $ nameForms $ ditContentRules $ "
> > { "ditStructureRules", "( 2.5.21.1 NAME 'dITStructureRules' "
> > { "ditContentRules", "( 2.5.21.2 NAME 'dITContentRules' "
> >
> >there are some "dIT" in the strings instead of "dit". is it some kind of
> typo
> >error? I'm porting this version to some operating system. the compiler
> complains
> >...
>
> About the case difference in these strings? I doubt that.
>
> Kurt
>
>
------=_Part_1103_3773705.1164959961858
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
oh, not compiler. but at runtime the daemon will output this during initialization:<br>...<br>slap_schema_load: AttributeType "ditStructureRules": not defined in schema<br>...<br>I tested this on some mainframe. case difference does matter. when i changed the case, it ran ok.
<br><br><div><span class="gmail_quote">On 12/1/06, <b class="gmail_sendername">Kurt D. Zeilenga</b> <<a href="mailto:Kurt@openldap.org">Kurt(a)openldap.org</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
At 10:32 PM 11/30/2006, <a href="mailto:wanggang.wang@gmail.com">wanggang.wang(a)gmail.com</a> wrote:<br>>Full_Name: Gang Wang<br>>Version: 2.3.20<br>>OS:<br>>URL: <a href="ftp://ftp.openldap.org/incoming/">ftp://ftp.openldap.org/incoming/
</a><br>>Submission from: (NULL) (<a href="http://202.108.130.138">202.108.130.138</a>)<br>><br>><br>>openldap-2.3.20/servers/slapd/schema_prep.c Line 370<br>><br>> "MAY ( dITStructureRules $ nameForms $ ditContentRules $ "
<br>> { "ditStructureRules", "( <a href="http://2.5.21.1">2.5.21.1</a> NAME 'dITStructureRules' "<br>> { "ditContentRules", "( <a href="http://2.5.21.2">2.5.21.2</a> NAME 'dITContentRules' "
<br>><br>>there are some "dIT" in the strings instead of "dit". is it some kind of typo<br>>error? I'm porting this version to some operating system. the compiler complains<br>>...<br><br>
About the case difference in these strings? I doubt that.<br><br>Kurt<br><br></blockquote></div>
------=_Part_1103_3773705.1164959961858--
16 years, 6 months
Re: (ITS#4764) ditStructureRules/dITStructureRules typo error?
by Kurt@OpenLDAP.org
At 10:32 PM 11/30/2006, wanggang.wang(a)gmail.com wrote:
>Full_Name: Gang Wang
>Version: 2.3.20
>OS:
>URL: ftp://ftp.openldap.org/incoming/
>Submission from: (NULL) (202.108.130.138)
>
>
>openldap-2.3.20/servers/slapd/schema_prep.c Line 370
>
> "MAY ( dITStructureRules $ nameForms $ ditContentRules $ "
> { "ditStructureRules", "( 2.5.21.1 NAME 'dITStructureRules' "
> { "ditContentRules", "( 2.5.21.2 NAME 'dITContentRules' "
>
>there are some "dIT" in the strings instead of "dit". is it some kind of typo
>error? I'm porting this version to some operating system. the compiler complains
>...
About the case difference in these strings? I doubt that.
Kurt
16 years, 6 months
Re: (ITS#4763) slapd crashed with ldapsearch command without arguments
by hyc@symas.com
Since it appears that you're using BerkeleyDB 4.5 which is not the
default version installed on your platform, most likely you have
conflicting libdb libraries loaded. If you're using the default
libsasl2, then this is certainly the problem. You can find out for sure
by running slapd under gdb. When it crashes use the command "info
shared" to see what shared libraries are present. If you see two
different versions of libdb, that's your problem. You'll need to rebuild
whatever other libraries are using the other libdb version and get
everything onto the same version.
At any rate, I don't believe there's any bug in OpenLDAP software here.
This ITS will be closed.
saint.cn(a)gmail.com wrote:
> Full_Name: Jack Chen
> Version: 2.3.27
> OS: Redhat AS 3.0 2.4.21-40.ELsmp
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (60.12.9.18)
>
>
> I found when I run ldap commands without arguments always get password imput
> requirement before result. But the command always told me
> "ldap_sasl_interactive_bind_s: Can't contact LDAP server". Then I found the
> slapd crashed.
>
> Then I start slpad with command like "slpad -d 256" with root account and want
> to get debug information before slpad crash.
>
> Then following is the startup information:
> =====================================================================
> @(#) $OpenLDAP: slapd 2.3.27 (Sep 30 2006 16:10:17) $
> root@caivs:/home/jack/tools/openldap-2.3.27/servers/slapd
> daemon: IPv6 socket() failed errno=97 (Address family not supported by
> protocol)
> bdb_db_open: unclean shutdown detected; attempting recovery.
> bdb_db_open: Warning - No DB_CONFIG file found in directory
> /usr/local/openldap/var/openldap-data: (2)
> Expect poor performance for suffix dc=test,dc=com.
> slapd starting
> =====================================================================
>
> And when I input command "ldapsearch" in shell with root account, and input
> password with any words and return. The command tell me like following:
> =====================================================================
> /usr/local/BerkeleyDB.4.5/bin:$ldapsearch
> SASL/DIGEST-MD5 authentication started
> Please enter your password:
> ldap_sasl_interactive_bind_s: Can't contact LDAP server
> =====================================================================
>
> And I check the console which is running slapd, and get following information:
> =====================================================================
> conn=0 fd=10 ACCEPT from IP=127.0.0.1:33518 (IP=0.0.0.0:389)
> conn=0 op=0 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
> conn=0 op=0 SRCH attr=supportedSASLMechanisms
> conn=0 op=0 SEARCH RESULT tag=101 err=0 nentries=1 text=
> conn=0 op=1 BIND dn="" method=163
> conn=0 op=1 RESULT tag=97 err=14 text=
> conn=0 op=2 BIND dn="" method=163
> /etc/sasldb2: Successful return: 0
> segment fault (core dumped)
> =====================================================================
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/
16 years, 6 months
(ITS#4764) ditStructureRules/dITStructureRules typo error?
by wanggang.wang@gmail.com
Full_Name: Gang Wang
Version: 2.3.20
OS:
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (202.108.130.138)
openldap-2.3.20/servers/slapd/schema_prep.c Line 370
"MAY ( dITStructureRules $ nameForms $ ditContentRules $ "
{ "ditStructureRules", "( 2.5.21.1 NAME 'dITStructureRules' "
{ "ditContentRules", "( 2.5.21.2 NAME 'dITContentRules' "
there are some "dIT" in the strings instead of "dit". is it some kind of typo
error? I'm porting this version to some operating system. the compiler complains
...
16 years, 6 months