Re: (ITS#5661) contextCSN gets corrupted on the stand by mirror
by ando@sys-net.it
Ali Pouya wrote:
> Hi Pierangelo,
>>> contextCSN: 20080727021429.070493Z#000000#000#000000
>>> contextCSN:: +HYDCTA4MDIwMzM3MTguMzAwMTExWiMwMDAwMDAjMDAxIzAwMDAwMA==
>>
>> which looks like
>>
>> 4 bytes of garbage + "0802033718.300111Z#000000#001#000000"
>>
> Yes, but I would like to bring a precision :
> under VI the 4 bytes are handled as 2 characters only.
That's probably because vi incorrectly interprets that as a multi-byte
encoding, since it contains garbage. That's supposed to be a string
restricted to those chars that are allowed by generalized time, so you
shouldn't rely on vi guesses based on their actual, erroneous content.
> In fact each time
> the problem occurs I repair my database using a BDB C program wich reads
> the first key from id2entry.bdb and writes it on disk.
> Then I use vi to fix the contextCSN, before writing the key back to the
> database.
> Using vi I do not delete any characters. I only replace them by 20, then
> I fix the rest of the fields.
Then you'd get year 20 AD! The 08 you see in your broken entryCSN is
the month, not the last two digits of the year.
> Another precision : when the first two chars take corrupted, the rest of
> the contextCSN gets stuck and does not follow write operations.
>
>> I note that, according to the sid values you assigned to servers A and
>> B, the first contextCSN should not appear, since it has sid == 0,
>> while the second one, apart from the corruption, is plausible (as
>> you're writing to server A, with sid == 1).
>>
> Yes.
> The contextCSN with sid=0 is there because at the beginning I initiated
> my directory without SID (defaults to 0), then I set two difrent SIDs
> for A and B.
Can you try a fresh reload of the database(s) stripping out the entryCSN
and letting slapadd generate them, using the -S <SID> switch (along with
the -w switch), in order to enforce a SID of 001 (or 002, as you like)?
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
-----------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Fax: +39 0382 476497
Email: ando(a)sys-net.it
-----------------------------------
14 years, 6 months
Re: (ITS#5671) using constraint uri results in slapd abort
by ando@sys-net.it
kkalev(a)noc.ntua.gr wrote:
> Full_Name: Kostas Kalevras
> Version: $OpenLDAP: slapd 2.4.11 (Aug 20 2008 14:21:11)
> OS: FreeBSD 6.3-RELEASE-p3
> URL: http://noc.ntua.gr/~kkalev/kostas.kalevras-20080829.txt
> Submission from: (NULL) (147.102.224.68)
>
>
> When enabling contraint overlay with the uri feature and running an ldap modify
> that will triger the contraint, slapd aborts. More information in the included
> logs
Sounds like a duplicate of ITS#5581, which was only partially fixed in
2.4.11. This should already be fixed in HEAD, please test. Also, try
removing the brackets from the filter in the constraint_attribute
statement; this should work around your issue while upgrading.
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
-----------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Fax: +39 0382 476497
Email: ando(a)sys-net.it
-----------------------------------
14 years, 6 months
Re: N-way multimaster replication problem (ITS#5617)
by miguel.jinez@gmail.com
Hello, I have complied openldap 2.4.11 now, and I have test again, but
the problem persist
El mié, 27-08-2008 a las 20:10 +0000, Gavin Henry escribió:
> Can you try on 2.4.11 now.
>
> Thanks.
14 years, 6 months
Re: (ITS#5545) Inconsistency in multi-master setup
by ghenry@OpenLDAP.org
> Have setup 2-node multi-master configuration. Found that when
> operating on same
> set of users at high loading, there will be consistency between the
> masters.
Can you confirm this on 2.4.11?
--
Kind Regards,
Gavin Henry.
OpenLDAP Engineering Team.
E ghenry(a)OpenLDAP.org
Community developed LDAP software.
http://www.openldap.org/project/
14 years, 6 months
RE: (ITS#5668) Invalid entryCSN generated, and slapd will not restart
by emmanuel.duru@atosorigin.com
I am running windows 32 bits.
Here is what I get from my debugging session:
After QueryPerformanceCounter( &count ), count.QuadPart is worth
4243738405535005
So the overflow comes from count.QuadPart *= 1000000;
> -----Message d'origine-----
> De : Howard Chu [mailto:hyc@symas.com]
> Envoyé : mercredi 27 août 2008 13:08
> À : openldap-its(a)openldap.org; Emmanuel Duru
> Objet : Re: (ITS#5668) Invalid entryCSN generated, and slapd will not
> restart
>
> ando(a)sys-net.it wrote:
> > emmanuel.duru(a)atosorigin.com wrote:
> >> I see that tm->tm_usub is negative, there seems to be overflows between
> >> LARGE_INTEGER and int variables.
>
> It would take over 4 billion operations in a single timer tick (on the
> order
> of nanoseconds) to make tm_usub overflow. That seems pretty unlikely.
>
> > If the problem disappears by initializing the static variables in
> > lutil_gettime(), then it might be a compiler issue.
>
> I suppose that's always possible...
>
> The original post shows that the tm_usec field is negative. That could
> happen
> if the offset we computed between the SYSTEMTIME and the
> PerformanceCounter
> was wrong, or if the SYSTEMTIME was adjusted while the process was
> running.
>
> What version of Windows are you running? 32 or 64 bit? Can you singlestep
> through this function with a debugger and verify all of the values? I
> haven't
> run this code on Windows in a long time, would take a bit of effort to
> resurrect my build environment.
>
> --
> -- Howard Chu
> CTO, Symas Corp. http://www.symas.com
> Director, Highland Sun http://highlandsun.com/hyc/
> Chief Architect, OpenLDAP http://www.openldap.org/project/
14 years, 6 months
Re: (ITS#5669) slapd ...
by ali.pouya@free.fr
Howard Chu wrote :
>In fact, just drop the syncprov-reloadhint setting and you'll be fine. (Since
>you never have delete operations, reloads will never occur anyway.)
OK Howard.
Thanks for your help.
I tried to send this message several times.
May be you will receive more than one answer.
Best Regards
Ali
14 years, 6 months
Re: (ITS#5669) slapd ...
by ali.pouya@free.fr
Howard Chu wrote :
>In fact, just drop the syncprov-reloadhint setting and you'll be fine. (Since
>you never have delete operations, reloads will never occur anyway.)
OK Howard.
Thanks for your help.
I tried to send this message several times.
May be you will receive more than one answer.
Best Regards
Ali
14 years, 6 months
consumer crashing provider
by Dick Visser
(first post)
Hi guys
I am trying to set-up a pair of directory servers. Both of them run
Ubuntu 8.04, which has OpenLDAP-2.4.9.
I started out with one server, configured that to suit my needs (store
UNIX and smb accounts), which works fine. Next thing is to set-up a
second 'slave' server.
After reading the docs, I decided to go for the syncrepl style
replication for our micro tree. Everything seems to work fine. If I
start the consumer it nicely pulls content from the provider.
Retrieving the whole tree with ldapsearch from both servers yields
exactly the same ldif. Great.
However, if I now change something on my main server a.k.a. provider
(f.i. change a password), the next time the consumers contacts the
provider, the provider crashes:
root@ldap:/etc/ldap# slapd -f slapd.conf -g openldap -u openldap -d 15
[snip]
*** glibc detected *** slapd: free(): invalid size: 0xb676ef08 ***
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6[0xb7c62a85]
/lib/tls/i686/cmov/libc.so.6(cfree+0x90)[0xb7c664f0]
/usr/lib/liblber-2.4.so.2(ber_memfree_x+0x4a)[0xb7f93b4a]
/usr/lib/ldap/syncprov-2.4.so.2[0xb787619a]
slapd(overlay_op_walk+0x34)[0x80da4e4]
slapd[0x80daaf7]
slapd(fe_op_search+0x313)[0x8078a73]
slapd(do_search+0x777)[0x80792e7]
slapd[0x807653f]
slapd[0x8076c36]
/usr/lib/libldap_r-2.4.so.2[0xb7fa4714]
/lib/tls/i686/cmov/libpthread.so.0[0xb7d4b4fb]
/lib/tls/i686/cmov/libc.so.6(clone+0x5e)[0xb7ccde5e]
======= Memory map: ========
Aborted
A slave server killing a master sort of defeats the whole purpose ;-)
Any ideas how to solve this?
If it makes any difference, here is the provider config:
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/samba.schema
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
loglevel 4096
modulepath /usr/lib/ldap
moduleload back_hdb
moduleload syncprov
sizelimit 5000
tool-threads 1
backend hdb
database hdb
suffix "dc=terena,dc=org"
rootdn "cn=Replication,dc=terena,dc=org"
directory "/var/lib/ldap"
dbconfig set_cachesize 0 16777216 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
index objectClass,entryCSN,entryUUID eq
index cn pres,sub,eq
index sn pres,sub,eq
index uid pres,sub,eq
index displayName pres,sub,eq
index uidNumber eq
index gidNumber eq
index memberUid eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index default sub
lastmod on
checkpoint 512 30
overlay syncprov
syncprov-checkpoint 1 1
syncprov-sessionlog 100
access to
attrs=userPassword,shadowLastChange,sambaLMPassword,sambaNTPassword
by dn="cn=admin,dc=terena,dc=org" write
by dn="cn=smbadmin,dc=terena,dc=org" read
by dn="cn=syncrepl,dc=terena,dc=org" read
by anonymous auth
by self write
by * none
access to *
by dn="cn=admin,dc=terena,dc=org" write
by * read
access to dn.base="" by * read
And here is the consumer config:
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/samba.schema
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
loglevel 256
modulepath /usr/lib/ldap
moduleload back_hdb
sizelimit 500
tool-threads 1
backend hdb
database hdb
suffix "dc=terena,dc=org"
rootdn "cn=Replication,dc=terena,dc=org"
directory "/var/lib/ldap"
dbconfig set_cachesize 0 2097152 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
index objectClass,entryCSN,entryUUID eq
access to
attrs=userPassword,shadowLastChange,sambaLMPassword,sambaNTPassword
by dn="cn=admin,dc=terena,dc=org" write
by dn="cn=smbadmin,dc=terena,dc=org" read
by anonymous auth
by self write
by * none
access to *
by dn="cn=admin,dc=terena,dc=org" write
by * read
access to dn.base="" by * read
syncrepl rid=000
provider=ldap://ldap.terena.org:389
type=refreshOnly
interval=00:00:00:60
retry="60 10 300 +"
searchbase="dc=terena,dc=org"
scope=sub
attrs=*
schemachecking=off
bindmethod=simple
binddn="cn=syncrepl,dc=terena,dc=org"
credentials=hackme
updateref ldap://ldap.terena.org:389
--
Dick Visser
TERENA IT Support Officer
TERENA Secretariat
Singel 468 D, 1017 AW Amsterdam
The Netherlands
T +31 20 530 44 88 F +31 20 530 44 99
visser(a)terena.org | www.terena.org
14 years, 6 months
