openldap-bugs October 2009

openldap-bugs@openldap.org

34 participants
223 discussions

Re: (ITS#6329) memberof overlay doesn't update entryCSN
by msmith＠cbnco.com 14 Oct '09

14 Oct '09

On Wed, 14 Oct 2009, masarati(a)aero.polimi.it wrote: > Should be fixed in HEAD (one-line fix, see overlays/memberof.c 1.25 -> 1.26). > > Please test. Thanks, p. Thanks - I applied this to openldap 2.4.19 and the entryCSNs now match on all nodes, as long as they're all up when a group is modified. I still get something strange if one node is down: if I remove a user from a group on the working node, then bring the failed node back, the failed node doesn't sync the modified group and user objects. For example, if I remove testuser3 from testgroup2 while node 2 is down, then bring node 2 back, I get this on node 1: dn: uid=testuser3,ou=people,dc=dom memberOf: cn=testgroup1,ou=group,dc=dom entryCSN: 20091015040419.455869Z#000000#001#000000 dn: cn=testgroup2,ou=group,dc=dom member: uid=testuser2,ou=people,dc=dom entryCSN: 20091015040419.455869Z#000000#001#000000 And this on node 2: dn: uid=testuser3,ou=people,dc=dom memberOf: cn=testgroup2,ou=group,dc=dom memberOf: cn=testgroup1,ou=group,dc=dom entryCSN: 20091015033445.046089Z#000000#002#000000 dn: cn=testgroup2,ou=group,dc=dom member: uid=testuser2,ou=people,dc=dom member: uid=testuser3,ou=people,dc=dom entryCSN: 20091015033233.354687Z#000000#001#000000 I don't have this problem with changes that don't involve member/memberOf attributes. For example, I can add a description attr to the group object while node 2 is down, and when I bring it back up, it picks up the change. On both nodes I've got the memberof and syncprov overlays turned on, in that order. dn: olcOverlay={0}memberof,olcDatabase={1}hdb,cn=config objectClass: olcOverlayConfig olcOverlay: {0}memberof dn: olcOverlay={1}syncprov,olcDatabase={1}hdb,cn=config objectClass: olcSyncProvConfig olcSpCheckpoint: 100 10 olcSpSessionlog: 1000 olcOverlay: {1}syncprov Thanks, Mike

1 0

Re: (ITS#6320)
by j＠telepaths.org 14 Oct '09

14 Oct '09

OK, for anyone following this thread, please refer to ITS #6331, as I believe this issue may not be a "replication issue" at all, rather a deadlock PREVENTING replication. Might as well close this ticket, thanks for everyone's help. Jeff

1 0

Re: (ITS#6331) slapd freezing, not accepting further 'write' operations while 'read' operations are unaffected
by j＠telepaths.org 14 Oct '09

14 Oct '09

OK, I was able to compile a set of Debian packages for version 2.4.19 using the source obtained from openldap.org. I have set up a mirror of our production environment (less a few servers). I have two provider servers in mirrormode, and configured for multimaster syncrepl. So far, no locks, no replication issues, everything seems peachy. Though, in real-life, the problem has a tendency to reappear sometimes a week after a slapd-restart. We'll see what happens. I will continue to update this ticket, detailing any further developments. Thanks again Pierangelo and Gibson, I appreciate your help. Jeff

1 0

Re: (ITS#6331) slapd freezing, not accepting further 'write' operations while 'read' operations are unaffected
by j＠telepaths.org 14 Oct '09

14 Oct '09

Thanks for responding, Pierangelo. I am asking (begging) my chief engineer to entertain this idea. Will report back ASAP. Thanks, Jeff On Oct 14, 2009, at 11:52 AM, masarati(a)aero.polimi.it wrote: >> Version: 2.4.17 > >> Occasionally, I will find one of my servers (running Debian/Lenny >> with >> back-ported slapd version 2.4.17) in a state where the following >> occurs: >> >> * Write operations will 'freeze' - leaving the requester at a frozen >> prompt or >> frozen LDAP-client of some kind (from wherever the write-operation >> originated). >> * slapd refuses to 'stop', even though it indicates that its >> waiting for >> "0" >> processes to complete. >> * Logs do not indicate a segfault nor any poorly terminated >> processes. >> * Read operations on same server continue to function normally. >> Any data >> that >> existed before the "freeze" is returned as it should be. > > You probably hit ITS#6276, which was fixed in 2.4.18. Can you > upgrade and > test? > > p. >

1 0

Re: (ITS#6331) slapd freezing, not accepting further 'write' operations while 'read' operations are unaffected
by masarati＠aero.polimi.it 14 Oct '09

14 Oct '09

> Version: 2.4.17 > Occasionally, I will find one of my servers (running Debian/Lenny with > back-ported slapd version 2.4.17) in a state where the following occurs: > > * Write operations will 'freeze' - leaving the requester at a frozen > prompt or > frozen LDAP-client of some kind (from wherever the write-operation > originated). > * slapd refuses to 'stop', even though it indicates that its waiting for > "0" > processes to complete. > * Logs do not indicate a segfault nor any poorly terminated processes. > * Read operations on same server continue to function normally. Any data > that > existed before the "freeze" is returned as it should be. You probably hit ITS#6276, which was fixed in 2.4.18. Can you upgrade and test? p.

1 0

Re: (ITS#6331) slapd freezing, not accepting further 'write' operations while 'read' operations are unaffected
by j＠telepaths.org 14 Oct '09

14 Oct '09

Quanah, Thanks for responding. Here are the answers to your questions: ldd /usr/sbin/slapd linux-vdso.so.1 => (0x00007fff4f1ff000) libldap_r-2.4.so.2 => /usr/lib/libldap_r-2.4.so.2 (0x00007f2646c5e000) liblber-2.4.so.2 => /usr/lib/liblber-2.4.so.2 (0x00007f2646a4f000) libdb-4.6.so => /usr/lib/libdb-4.6.so (0x00007f2646705000) libodbc.so.1 => /usr/lib/libodbc.so.1 (0x00007f26464a9000) libslp.so.1 => /usr/lib/libslp.so.1 (0x00007f2646297000) libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00007f264607d000) libgnutls.so.26 => /usr/lib/libgnutls.so.26 (0x00007f2645dcb000) libcrypt.so.1 => /lib/libcrypt.so.1 (0x00007f2645b93000) libresolv.so.2 => /lib/libresolv.so.2 (0x00007f264597f000) libltdl.so.3 => /usr/lib/libltdl.so.3 (0x00007f2645778000) libwrap.so.0 => /lib/libwrap.so.0 (0x00007f264556f000) libpthread.so.0 => /lib/libpthread.so.0 (0x00007f2645353000) libc.so.6 => /lib/libc.so.6 (0x00007f2645000000) libnsl.so.1 => /lib/libnsl.so.1 (0x00007f2644de8000) libdl.so.2 => /lib/libdl.so.2 (0x00007f2644be4000) libtasn1.so.3 => /usr/lib/libtasn1.so.3 (0x00007f26449d4000) libgpg-error.so.0 => /usr/lib/libgpg-error.so.0 (0x00007f2646fb5000) libz.so.1 => /usr/lib/libz.so.1 (0x00007f26447bd000) libgcrypt.so.11 => /usr/lib/libgcrypt.so.11 (0x00007f2644556000) /lib64/ld-linux-x86-64.so.2 (0x00007f2646ea9000) From slapd.conf: tool-threads 4 # this has varied between 1 and 4 syncprov-checkpoint 1 5 # we've tried using the default settings, very lax settings, etc - never made a difference. checkpoint 10 1 # checkpointing for Berkeley And the rest of the Berkeley settings in our DIT suffix area: database hdb cachesize 10000 idlcachesize 30000 checksum cachefree 20 dncachesize 100000 dbconfig set_cachesize 1 0 2 dbconfig set_lg_max 10485760 dbconfig set_flags db_log_autoremove dbconfig set_lg_bsize 2097152 dbconfig set_lk_max_objects 5500 dbconfig set_lk_max_locks 5500 dbconfig set_lk_max_lockers 5500 The version of BDB is as fully-patched as Debian keeps up with it. We (as a company) stay on top of updates, while Debian only tends to fix security bugs and pretty much will ignore feature issues and lack- luster functionality in their packages. They do this religiously, which is shameful. Thanks again, Jeff

1 0

Re: (ITS#6329) memberof overlay doesn't update entryCSN
by masarati＠aero.polimi.it 14 Oct '09

14 Oct '09

> It looks like the memberof overlay doesn't update a user object's entryCSN > when > a group object is changed. I believe this causes trouble with syncrepl, at > least > in a multi-master configuration: if one node is down when the group object > is > changed, it won't know it needs to update the user object when it comes > back. Should be fixed in HEAD (one-line fix, see overlays/memberof.c 1.25 -> 1.26). Please test. Thanks, p.

1 0

Re: (ITS#6330) slapd memory leak
by masarati＠aero.polimi.it 14 Oct '09

14 Oct '09

> We have observed what we believe to be a memory leak in OpenLDAP 2.4.18 in > testing > while dynlist support. We have a script that randomly expands the member > lists > > of groups defined using dynlist. Running this script for a period of > about 24 > hours forces the slapd process to swap. > > It is not clear at all that dynlist is the problem because we were not > able to > see the problem with our test script until we surrounded each query with a > bind/unbind. (At least we didn't wait long enough to see it.) All > queries > perform GSSAPI binds to the directory. The problem is unaffected by using > either the MIT or Heimdal GSSAPI libraries. > > Our build of OpenLDAP 2.4.18 follows the debian configuration with the > exceptions: > * Patch for ITS6287 > * Patch for ITS6308 > * Patch to the index slots > * disable support for tcp_wrappers and disable rlookups > > The details of software versions, build options, slapd configuration, > scripts, > db_stat output and testing procedures are at > http://www.stanford.edu/~whm/files/slapd/readme.html. Apparently, accessing that URL requires a valid account. In any case, you should run slapd under valgrind for a while, in order to locate the leak. p.

1 0

Re: (ITS#6331) slapd freezing, not accepting further 'write' operations while 'read' operations are unaffected
by quanah＠zimbra.com 14 Oct '09

14 Oct '09

--On Wednesday, October 14, 2009 1:11 AM +0000 j(a)telepaths.org wrote: > Full_Name: Jeff Doyle > Version: 2.4.17 > OS: Debian/Lenny > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (130.94.106.251) > > > Greetings, > > Occasionally, I will find one of my servers (running Debian/Lenny with > back-ported slapd version 2.4.17) in a state where the following occurs: > > * Write operations will 'freeze' - leaving the requester at a frozen > prompt or frozen LDAP-client of some kind (from wherever the > write-operation originated). * slapd refuses to 'stop', even though it > indicates that its waiting for "0" processes to complete. > * Logs do not indicate a segfault nor any poorly terminated processes. > * Read operations on same server continue to function normally. Any > data that existed before the "freeze" is returned as it should be. > > Modules used: > > * accesslog > * back_hdb > * back_monitor > * back_relay > * back_rwm > * syncprov > > Servers are all fairly new, and reasonably beefy for their purposes: > > * 6GB RAM > * 2+ GHz CPU, all QuadCore Xeon and all running amd64 kernel (current > with Lenny) > * Plenty of Disk Space (gigs and gigs) > * Servers are SLEEPING (0.00 avg load) > > slapd is making use of 'tool-threads' with a value of '4' - however > changing this value has had no effect - Just a side note. tool threads only affects offline operations (slapadd). How many threads do you have configured? What version of BDB is slapd linked against? Is the bdb version fully patched? What is your checkpoint directive set to in both the accesslog and hdb databases? --Quanah -- Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration

1 0

(ITS#6332)
by l.mierzwa＠gmail.com 14 Oct '09

14 Oct '09

--0016e6d7df78582bd90475e3ecd0 Content-Type: text/plain; charset=ISO-8859-1 > but when I add member attribute I mean: when I add it to ldif, so it looks like: dn: cn=shell,ou=access,<basedn> changetype: modify replace: objectClass objectClass: groupOfNames objectClass: top - replace: cn cn: shell - replace: description description: blablabla - replace: member member: uid=user1[...] member: uid=user2[...] member: uid=user3[...] --0016e6d7df78582bd90475e3ecd0 Content-Type: text/html; charset=ISO-8859-1 > but when I add member attribute I mean: when I add it to ldif, so it looks like: dn: cn=shell,ou=access,<basedn> changetype: modify replace: objectClass objectClass: groupOfNames objectClass: top - replace: cn cn: shell - replace: description description: blablabla - replace: member member: uid=user1[...] member: uid=user2[...] member: uid=user3[...] --0016e6d7df78582bd90475e3ecd0--

1 0

← Newer
1
...
12
13
14
15
16
17
18
...
23
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs October 2009