(ITS#6892) Segfault in Syncprov overlay
by ghola@rebelbase.com
Full_Name: Duncan Idaho
Version: 2.4.25
OS: RHEL 5.5
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (204.10.36.147)
In my configuration slapd segfaults within a few hours repeatably when a NULL
value is somehow passed as a filter to test_filter in the syncprov overlay.
I'm running "threads 64" as I have 62 consumers connecting and this was required
to prevent unrelated searches from timing out when all the consumers connect at
once.
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x59832940 (LWP 2042)]
test_filter (op=0x59830770, e=0x2aab11861068, f=0x0) at filterentry.c:69
69 if ( f->f_choice & SLAPD_FILTER_UNDEFINED ) {
(gdb) bt
#0 test_filter (op=0x59830770, e=0x2aab11861068, f=0x0) at filterentry.c:69
#1 0x00000000004db315 in syncprov_matchops (op=0x59831130, opc=0xbc91750,
saveit=1) at syncprov.c:1314
#2 0x00000000004db6b5 in syncprov_op_mod (op=0x59831130, rs=<value optimized
out>) at syncprov.c:2124
#3 0x000000000047e62a in overlay_op_walk (op=0x59831130, rs=0x59830f40,
which=op_modify, oi=0x8d7b50, on=0x8dc540) at backover.c:659
#4 0x000000000047ec07 in over_op_func (op=0x59831130, rs=0x59830f40,
which=op_modify) at backover.c:721
#5 0x000000000047404d in syncrepl_updateCookie (si=0x8d74e0, op=0x59831130,
syncCookie=0x59831aa0) at syncrepl.c:3292
#6 0x0000000000479d0d in do_syncrep2 (ctx=<value optimized out>, arg=<value
optimized out>) at syncrepl.c:959
#7 do_syncrepl (ctx=<value optimized out>, arg=<value optimized out>) at
syncrepl.c:1455
#8 0x000000000041f7aa in connection_read_thread (ctx=0x59831d70, argv=<value
optimized out>) at connection.c:1251
#9 0x00000000004ec5ec in ldap_int_thread_pool_wrapper (xpool=0x84de50) at
tpool.c:685
#10 0x000000301b20673d in start_thread (arg=<value optimized out>) at
pthread_create.c:301
#11 0x000000301aad44bd in clone () from /lib64/libc.so.6
Let me know if I can provide more info.
11 years, 11 months
Re: (ITS#6884) contrib: password syntax checking overlay
by mathieu.baeumler@gmail.com
On Wed, Mar 30, 2011 at 12:43 AM, Kurt Zeilenga <Kurt(a)openldap.org> wrote:
> Your submission lacks a notice of origin. Please review http://www.openldap.org/devel/contributing.html
>
> Please also note that git-format-patch(1) format submissions are now preferred.
ok, I'm trying again, sorry I didn't catch the change to git...
I've uploaded the patch created using git-format-patch in:
incoming/mathieu-baeumler-110406.patch
Here is the updated notice of origin followed by rights statement,
included in every files contained in the patch:
The attached patch file is derived from OpenLDAP Software.
All of the modifications to OpenLDAP Software represented in the following
patch were developed by Mathieu Baeumler <mathieu.baeumler(a)gmail.com>.
I have not assigned rights and/or interest in this work to any party.
Redistribution and use in source and binary forms, with or without
modification, are permitted only as authorized by the OpenLDAP Public License.
A copy of this license is available in the file LICENSE in the top-level
directory of the distribution or, alternatively, at
<http://www.OpenLDAP.org/license.html>.
Hope it's correct now.
--
Mathieu
11 years, 11 months
(ITS#6891) pcache crashes after 2.4.25 upgrade; complains of unclean shutdowns and missing DB_CONFIGs after every restart
by tgates81@gmail.com
Full_Name: Tyler Gates
Version: 2.4.25
OS: Ubuntu 10.04 LTS
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (65.184.61.44)
After upgrading from 2.4.24 to 2.4.25 my pcache overlay using hdb
backend first failed to start with messages complaining about a
missing suffix. Now that I've added one I'm getting the following
message:
hdb_db_open: database "dc=example,dc=com": unclean shutdown detected;
attempting recovery.
hdb_db_open: warning - no DB_CONFIG file found in directory
/var/lib/ldap: (14).#012Expect poor performance for suffix
"dc=example,dc=com".
slapd starting
bdb(dc=example,dc=com): PANIC: fatal region error detected; run recovery
last message repeated 3 times
But DB_CONFIG does exist and has proper permissions and the unclean
shutdown message repeats after every restart. I've never had to add
the suffix to the pcache backend database before and the documentation
examples (http://www.openldap.org/doc/admin24/proxycache.html) never
mention it either.
PCACHE OVERLAY:
dn: olcOverlay={0}pcache
objectClass: olcOverlayConfig
objectClass: olcPcacheConfig
olcOverlay: {0}pcache
olcPcache: hdb 100000 3 1000 100
olcPcacheAttrset: 0 uid userPassword uidNumber gidNumber cn homeDirectory logi
nShell gecos description memberUid uniqueMember objectClass
olcPcacheAttrset: 1 cn automountInformation
olcPcacheAttrset: 2 cn mail
olcPcacheTemplate: "(|(cn=)(mail=)(sn=))" 2 7200 0 0 0
olcPcacheTemplate: "(&(objectClass=)(|(cn=)(cn=)(cn=)))" 1 3600 600 0 0
olcPcacheTemplate: "(&(objectClass=)(|(cn=)(cn=)))" 1 3600 600 0 0
olcPcacheTemplate: "(&(objectClass=)(|(cn=)(gidNumber=)))" 1 3600 600 0 0
olcPcacheTemplate: "(&(objectClass=)(gidNumber=))" 0 1800 0 0 0
olcPcacheTemplate: "(&(objectClass=)(uidNumber=))" 0 1800 0 0 0
olcPcacheTemplate: "(&(objectClass=)(uniqueMember=))" 0 1800 900 0 0
olcPcacheTemplate: "(&(objectClass=)(memberUid=))" 0 1800 900 0 0
olcPcacheTemplate: "(objectClass=)" 0 1800 0 0 0
olcPcacheTemplate: "(&(objectClass=))" 0 1800 0 0 0
olcPcacheTemplate: "(&(objectClass=)(cn=))" 0 1800 0 0 0
olcPcacheTemplate: "(&(objectClass=)(uid=))" 0 1800 0 0 0
olcPcacheTemplate: "(&(objectClass=)(|(memberUid=)(uniqueMember=)))" 0 1800 0
0 0
olcPcachePosition: tail
olcPcacheMaxQueries: 10000
olcPcachePersist: FALSE
olcPcacheValidate: FALSE
olcPcacheOffline: FALSE
HDB backend:
dn: olcDatabase={0}hdb
objectClass: olcHdbConfig
objectClass: olcPcacheDatabase
olcDatabase: {0}hdb
olcDbDirectory: /var/lib/ldap
olcDbCacheSize: 1000
olcDbNoSync: FALSE
olcDbDirtyRead: FALSE
olcDbIDLcacheSize: 3000
olcDbLinearIndex: FALSE
olcDbMode: 0600
olcDbSearchStack: 16
olcDbShmKey: 0
olcDbCacheFree: 1
olcDbDNcacheSize: 0
createTimestamp: 20110225174535Z
olcDbConfig: {0}set_cachesize 0 10485760 1
olcDbConfig: {1}set_lg_regionmax 262144
olcDbConfig: {2}set_lg_bsize 2097152
olcDbConfig: {3}set_flags DB_LOG_AUTOREMOVE
olcDbConfig: {4}set_lg_max 10485760
olcDbIndex: objectClass eq
olcDbIndex: cn eq,subinitial
olcDbIndex: uid eq,subinitial
olcDbIndex: uidNumber eq
olcDbIndex: gidNumber eq
olcDbIndex: userPassword eq
olcDbIndex: description eq
olcDbIndex: loginShell eq
olcDbIndex: homeDirectory eq
olcDbIndex: memberUid eq
olcDbIndex: gecos eq
olcDbIndex: automountInformation eq
olcDbIndex: uniqueMember eq
olcDbIndex: mail eq,subinitial
olcDbIndex: sn eq,subinitial
olcDbIndex: givenName eq,subinitial
olcDbIndex: member eq
olcDbIndex: nisMapName eq
olcDbIndex: pcacheQueryID eq
olcSuffix: dc=example,dc=com
slapd doesn't actually 'crash' as in stops running but querying is rendered
useless. Here's the output from gdb:
>>> slap_listener(ldapi:///)
daemon: listen=9, new connection on 12
daemon: added 12r (active) listener=(nil)
conn=1000 fd=12 ACCEPT from PATH=/var/run/slapd/ldapi
(PATH=/var/run/slapd/ldapi)
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=9 active_threads=1 tvp=zero
daemon: activity on 1 descriptor
daemon: activity on: 12r
daemon: read active on 12
daemon: epoll: listen=9 active_threads=1 tvp=zero
connection_get(12)
connection_get(12): got connid=1000
connection_read(12): checking for input on id=1000
ber_get_next
ldap_read: want=8, got=8
0000: 30 0c 02 01 01 60 07 02 0....`..
ldap_read: want=6, got=6
0000: 01 03 04 00 80 00 ......
ber_get_next: tag 0x30 len 12 contents:
ber_dump: buf=0xb891a5a0 ptr=0xb891a5a0 end=0xb891a5ac len=12
0000: 02 01 01 60 07 02 01 03 04 00 80 00 ...`........
op tag 0x60, time 1302056893
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
conn=1000 op=0 do_bind
ber_scanf fmt ({imt) ber:
ber_dump: buf=0xb891a5a0 ptr=0xb891a5a3 end=0xb891a5ac len=9
0000: 60 07 02 01 03 04 00 80 00 `........
ber_scanf fmt (m}) ber:
ber_dump: buf=0xb891a5a0 ptr=0xb891a5aa end=0xb891a5ac len=2
0000: 00 00 ..
>>> dnPrettyNormal: <>
daemon: activity on 1 descriptor
<<< dnPrettyNormal: <>, <>
conn=1000 op=0 BIND dn="" method=128
do_bind: version=3 dn="" method=128
send_ldap_result: conn=1000 op=0 p=3
send_ldap_result: err=0 matched="" text=""
send_ldap_response: msgid=1 tag=97 err=0
ber_flush2: 14 bytes to sd 12
0000: 30 0c 02 01 01 61 07 0a 01 00 04 00 04 00 0....a........
ldap_write: want=14, written=14
0000: 30 0c 02 01 01 61 07 0a 01 00 04 00 04 00 0....a........
conn=1000 op=0 RESULT tag=97 err=0 text=
do_bind: v3 anonymous bind
daemon: activity on:
daemon: epoll: listen=9 active_threads=1 tvp=zero
daemon: activity on 1 descriptor
daemon: activity on: 12r
daemon: read active on 12
daemon: epoll: listen=9 active_threads=1 tvp=zero
connection_get(12)
connection_get(12): got connid=1000
connection_read(12): checking for input on id=1000
ber_get_next
ldap_read: want=8, got=8
0000: 30 44 02 01 02 63 3f 04 0D...c?.
ldap_read: want=62, got=62
0000: 16 64 63 3d 63 61 73 74 6c 65 62 72 61 6e 63 68 .dc=castlebranch
0010: 2c 64 63 3d 63 6f 6d 0a 01 02 0a 01 03 02 01 00 ,dc=com.........
0020: 02 01 00 01 01 00 a0 10 a3 0e 04 03 75 69 64 04 ............uid.
0030: 07 74 6a 67 61 74 65 73 30 04 04 02 64 6e .tjgates0...dn
ber_get_next: tag 0x30 len 68 contents:
ber_dump: buf=0xb891a570 ptr=0xb891a570 end=0xb891a5b4 len=68
0000: 02 01 02 63 3f 04 16 64 63 3d 63 61 73 74 6c 65 ...c?..dc=castle
0010: 62 72 61 6e 63 68 2c 64 63 3d 63 6f 6d 0a 01 02 branch,dc=com...
0020: 0a 01 03 02 01 00 02 01 00 01 01 00 a0 10 a3 0e ................
0030: 04 03 75 69 64 04 07 74 6a 67 61 74 65 73 30 04 ..uid..tjgates0.
0040: 04 02 64 6e ..dn
op tag 0x63, time 1302056893
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
conn=1000 op=1 do_search
ber_scanf fmt ({miiiib) ber:
ber_dump: buf=0xb891a570 ptr=0xb891a573 end=0xb891a5b4 len=65
0000: 63 3f 04 16 64 63 3d 63 61 73 74 6c 65 62 72 61 c?..dc=castlebra
0010: 6e 63 68 2c 64 63 3d 63 6f 6d 0a 01 02 0a 01 03 nch,dc=com......
0020: 02 01 00 02 01 00 01 01 00 a0 10 a3 0e 04 03 75 ...............u
0030: 69 64 04 07 74 6a 67 61 74 65 73 30 04 04 02 64 id..tjgates0...d
0040: 6e n
>>> dnPrettyNormal: <dc=castlebranch,dc=com>
=> ldap_bv2dn(dc=castlebranch,dc=com,0)
<= ldap_bv2dn(dc=castlebranch,dc=com)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(dc=castlebranch,dc=com)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(dc=castlebranch,dc=com)=0
<<< dnPrettyNormal: <dc=castlebranch,dc=com>, <dc=castlebranch,dc=com>
SRCH "dc=castlebranch,dc=com" 2 3 0 0 0
begin get_filter
AND
begin get_filter_list
daemon: activity on 1 descriptor
begin get_filter
EQUALITY
ber_scanf fmt ({mm}) ber:
ber_dump: buf=0xb891a570 ptr=0xb891a59e end=0xb891a5b4 len=22
0000: a3 0e 04 03 75 69 64 04 07 74 6a 67 61 74 65 73 ....uid..tjgates
0010: 30 04 04 02 64 6e 0...dn
end get_filter 0
end get_filter_list
end get_filter 0
filter: (&(uid=tjgates))
ber_scanf fmt ({M}}) ber:
ber_dump: buf=0xb891a570 ptr=0xb891a5ae end=0xb891a5b4 len=6
0000: 00 04 04 02 64 6e ....dn
attrs: dn
conn=1000 op=1 SRCH base="dc=castlebranch,dc=com" scope=2 deref=3
filter="(&(uid=tjgates))"
conn=1000 op=1 SRCH attr=dn
==> limits_get: conn=1000 op=1 self="[anonymous]" this="dc=castlebranch,dc=com"
=> hdb_search
bdb(dc=castlebranch,dc=com): PANIC: fatal region error detected; run recovery
daemon: activity on:
daemon: epoll: listen=9 active_threads=1 tvp=zero
bdb(dc=castlebranch,dc=com): PANIC: fatal region error detected; run recovery
bdb(dc=castlebranch,dc=com): PANIC: fatal region error detected; run recovery
bdb(dc=castlebranch,dc=com): PANIC: fatal region error detected; run recovery
send_ldap_result: conn=1000 op=1 p=3
send_ldap_result: err=80 matched="" text="internal error"
send_ldap_response: msgid=2 tag=101 err=80
ber_flush2: 28 bytes to sd 12
0000: 30 1a 02 01 02 65 15 0a 01 50 04 00 04 0e 69 6e 0....e...P....in
0010: 74 65 72 6e 61 6c 20 65 72 72 6f 72 ternal error
ldap_write: want=28, written=28
0000: 30 1a 02 01 02 65 15 0a 01 50 04 00 04 0e 69 6e 0....e...P....in
0010: 74 65 72 6e 61 6c 20 65 72 72 6f 72 ternal error
conn=1000 op=1 SEARCH RESULT tag=101 err=80 nentries=0 text=internal error
daemon: activity on 1 descriptor
daemon: activity on: 12r
daemon: read active on 12
daemon: epoll: listen=9 active_threads=1 tvp=zero
connection_get(12)
connection_get(12): got connid=1000
connection_read(12): checking for input on id=1000
ber_get_next
ldap_read: want=8, got=7
0000: 30 05 02 01 03 42 00 0....B.
ber_get_next: tag 0x30 len 5 contents:
ber_dump: buf=0xb88fc8f8 ptr=0xb88fc8f8 end=0xb88fc8fd len=5
0000: 02 01 03 42 00 ...B.
op tag 0x42, time 1302056893
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
conn=1000 op=2 do_unbind
conn=1000 op=2 UNBIND
connection_closing: readying conn=1000 sd=12 for close
connection_resched: attempting closing conn=1000 sd=12
connection_close: conn=1000 sd=12
=>ldap_back_conn_destroy: fetching conn 1000
daemon: removing 12
conn=1000 fd=12 closed
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=9 active_threads=0 tvp=NULL
daemon: activity on 1 descriptor
daemon: activity on:
slap_listener_activate(9):
daemon: epoll: listen=9 busy
>>> slap_listener(ldapi:///)
daemon: listen=9, new connection on 12
daemon: added 12r (active) listener=(nil)
conn=1001 fd=12 ACCEPT from PATH=/var/run/slapd/ldapi
(PATH=/var/run/slapd/ldapi)
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=9 active_threads=1 tvp=zero
daemon: activity on 1 descriptor
daemon: activity on: 12r
daemon: read active on 12
daemon: epoll: listen=9 active_threads=1 tvp=zero
connection_get(12)
connection_get(12): got connid=1001
connection_read(12): checking for input on id=1001
ber_get_next
ldap_read: want=8, got=8
0000: 30 0c 02 01 01 60 07 02 0....`..
ldap_read: want=6, got=6
0000: 01 03 04 00 80 00 ......
ber_get_next: tag 0x30 len 12 contents:
ber_dump: buf=0xb891acc8 ptr=0xb891acc8 end=0xb891acd4 len=12
0000: 02 01 01 60 07 02 01 03 04 00 80 00 ...`........
op tag 0x60, time 1302056901
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
conn=1001 op=0 do_bind
ber_scanf fmt ({imt) ber:
ber_dump: buf=0xb891acc8 ptr=0xb891accb end=0xb891acd4 len=9
0000: 60 07 02 01 03 04 00 80 00 `........
ber_scanf fmt (m}) ber:
ber_dump: buf=0xb891acc8 ptr=0xb891acd2 end=0xb891acd4 len=2
0000: 00 00 ..
>>> dnPrettyNormal: <>
daemon: activity on 1 descriptor
<<< dnPrettyNormal: <>, <>
conn=1001 op=0 BIND dn="" method=128
do_bind: version=3 dn="" method=128
send_ldap_result: conn=1001 op=0 p=3
send_ldap_result: err=0 matched="" text=""
send_ldap_response: msgid=1 tag=97 err=0
ber_flush2: 14 bytes to sd 12
0000: 30 0c 02 01 01 61 07 0a 01 00 04 00 04 00 0....a........
ldap_write: want=14, written=14
0000: 30 0c 02 01 01 61 07 0a 01 00 04 00 04 00 0....a........
conn=1001 op=0 RESULT tag=97 err=0 text=
do_bind: v3 anonymous bind
daemon: activity on:
daemon: epoll: listen=9 active_threads=1 tvp=zero
daemon: activity on 1 descriptor
daemon: activity on: 12r
daemon: read active on 12
daemon: epoll: listen=9 active_threads=1 tvp=zero
connection_get(12)
connection_get(12): got connid=1001
connection_read(12): checking for input on id=1001
ber_get_next
ldap_read: want=8, got=8
0000: 30 44 02 01 02 63 3f 04 0D...c?.
ldap_read: want=62, got=62
0000: 16 64 63 3d 63 61 73 74 6c 65 62 72 61 6e 63 68 .dc=castlebranch
0010: 2c 64 63 3d 63 6f 6d 0a 01 02 0a 01 03 02 01 00 ,dc=com.........
0020: 02 01 00 01 01 00 a0 10 a3 0e 04 03 75 69 64 04 ............uid.
0030: 07 74 6a 67 61 74 65 73 30 04 04 02 64 6e .tjgates0...dn
ber_get_next: tag 0x30 len 68 contents:
ber_dump: buf=0xb891a570 ptr=0xb891a570 end=0xb891a5b4 len=68
0000: 02 01 02 63 3f 04 16 64 63 3d 63 61 73 74 6c 65 ...c?..dc=castle
0010: 62 72 61 6e 63 68 2c 64 63 3d 63 6f 6d 0a 01 02 branch,dc=com...
0020: 0a 01 03 02 01 00 02 01 00 01 01 00 a0 10 a3 0e ................
0030: 04 03 75 69 64 04 07 74 6a 67 61 74 65 73 30 04 ..uid..tjgates0.
0040: 04 02 64 6e ..dn
op tag 0x63, time 1302056901
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
conn=1001 op=1 do_search
ber_scanf fmt ({miiiib) ber:
ber_dump: buf=0xb891a570 ptr=0xb891a573 end=0xb891a5b4 len=65
0000: 63 3f 04 16 64 63 3d 63 61 73 74 6c 65 62 72 61 c?..dc=castlebra
0010: 6e 63 68 2c 64 63 3d 63 6f 6d 0a 01 02 0a 01 03 nch,dc=com......
0020: 02 01 00 02 01 00 01 01 00 a0 10 a3 0e 04 03 75 ...............u
0030: 69 64 04 07 74 6a 67 61 74 65 73 30 04 04 02 64 id..tjgates0...d
0040: 6e n
>>> dnPrettyNormal: <dc=castlebranch,dc=com>
daemon: activity on 1 descriptor
=> ldap_bv2dn(dc=castlebranch,dc=com,0)
<= ldap_bv2dn(dc=castlebranch,dc=com)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(dc=castlebranch,dc=com)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(dc=castlebranch,dc=com)=0
<<< dnPrettyNormal: <dc=castlebranch,dc=com>, <dc=castlebranch,dc=com>
SRCH "dc=castlebranch,dc=com" 2 3 0 0 0
begin get_filter
AND
begin get_filter_list
begin get_filter
EQUALITY
ber_scanf fmt ({mm}) ber:
ber_dump: buf=0xb891a570 ptr=0xb891a59e end=0xb891a5b4 len=22
0000: a3 0e 04 03 75 69 64 04 07 74 6a 67 61 74 65 73 ....uid..tjgates
0010: 30 04 04 02 64 6e 0...dn
end get_filter 0
end get_filter_list
end get_filter 0
filter: (&(uid=tjgates))
ber_scanf fmt ({M}}) ber:
ber_dump: buf=0xb891a570 ptr=0xb891a5ae end=0xb891a5b4 len=6
0000: 00 04 04 02 64 6e ....dn
attrs: dn
conn=1001 op=1 SRCH base="dc=castlebranch,dc=com" scope=2 deref=3
filter="(&(uid=tjgates))"
conn=1001 op=1 SRCH attr=dn
==> limits_get: conn=1001 op=1 self="[anonymous]" this="dc=castlebranch,dc=com"
=> hdb_search
bdb(dc=castlebranch,dc=com): PANIC: fatal region error detected; run recovery
daemon: activity on:
daemon: epoll: listen=9 active_threads=1 tvp=zero
bdb(dc=castlebranch,dc=com): PANIC: fatal region error detected; run recovery
bdb(dc=castlebranch,dc=com): PANIC: fatal region error detected; run recovery
bdb(dc=castlebranch,dc=com): PANIC: fatal region error detected; run recovery
send_ldap_result: conn=1001 op=1 p=3
send_ldap_result: err=80 matched="" text="internal error"
send_ldap_response: msgid=2 tag=101 err=80
ber_flush2: 28 bytes to sd 12
0000: 30 1a 02 01 02 65 15 0a 01 50 04 00 04 0e 69 6e 0....e...P....in
0010: 74 65 72 6e 61 6c 20 65 72 72 6f 72 ternal error
ldap_write: want=28, written=28
0000: 30 1a 02 01 02 65 15 0a 01 50 04 00 04 0e 69 6e 0....e...P....in
0010: 74 65 72 6e 61 6c 20 65 72 72 6f 72 ternal error
conn=1001 op=1 SEARCH RESULT tag=101 err=80 nentries=0 text=internal error
daemon: activity on 1 descriptor
daemon: activity on: 12r
daemon: read active on 12
daemon: epoll: listen=9 active_threads=1 tvp=zero
connection_get(12)
connection_get(12): got connid=1001
connection_read(12): checking for input on id=1001
ber_get_next
ldap_read: want=8, got=7
0000: 30 05 02 01 03 42 00 0....B.
ber_get_next: tag 0x30 len 5 contents:
ber_dump: buf=0xb88f9d00 ptr=0xb88f9d00 end=0xb88f9d05 len=5
0000: 02 01 03 42 00 ...B.
op tag 0x42, time 1302056901
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
conn=1001 op=2 do_unbind
conn=1001 op=2 UNBIND
connection_closing: readying conn=1001 sd=12 for close
connection_resched: attempting closing conn=1001 sd=12
connection_close: conn=1001 sd=12
=>ldap_back_conn_destroy: fetching conn 1001
daemon: removing 12
conn=1001 fd=12 closed
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=9 active_threads=0 tvp=NULL
I don't know if it is related but I have been having crashing issues with
previous versions of openldap using pcache which I have submitted and ITS(6878)
for: http://www.openldap.org/its/index.cgi/Incoming?selectid=6878;statetype=-1
11 years, 11 months
(ITS#6890) SHA2 Password Hashing not working
by sudharma.thikkavarapu@siemens.com
Full_Name: SUDHARMA
Version: $OpenLDAP: slapd 2.4.23 (Apr 4 2011 13:48:06)
OS: AIX
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (161.134.39.30)
Hello,
we are planning to encrypt the password using SHA2 so i have followed the steps
that are required to use slapd-modules/passwd/sha2 in openLDAP code. I have
modified the slapd.conf file to load the correct libraries etc.. when i try to
generate the hash value for a password i get the following error.
testdev# slappasswd -h {SHA512}
New password:
Re-enter new password:
Password generation failed for scheme {SHA512}: scheme not recognized
I have to mention that i had problems compiling the sha2 source code with the cc
compiler but when i use the xlc i had no issues and compiled the source
successfully.
Here are the commands
xlc -I/home/openldap-2.4.23/include -g -c slapd-sha2.c
xlc -I/home/openldap-2.4.23/include -g -c sha2.c
xlc -G -I/home/openldap-2.4.23/include -g sha2.o slapd-sha2.o -o slapd-sha2.so
hope i haven't done anything wrong. Please suggest me how to make this work.
Thank you much for your help.
Best Regards,
Sudharma
11 years, 11 months
Re: (ITS#6888) slapd 2.4.23 terminating with 'SIGABRT'
by jwebb@localnet.com
The reason we are running 5 clients (each with 10 threads) performing
concurrent wildcard searches on "unindexed attributes", is purely and
simply.... load testing.
the test seems reasonable enough that (with our current configuration)
slapd should be able to handle it with terminating with a 'SIGABRT'...
am i wrong in assuming this?
J
11 years, 11 months
Re: (ITS#6878) ppcache segfault with tavl_delete
by tjgates@castlebranch.com
------=_Part_481677_474224743.1301865460773
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Just checking in.. Is there anything I can do to help? If it helps, running slapd in debug mode wouldn't crash on me after over 2 1/2 weeks of running. Maybe a race condition among all the different threads?
--
Tyler Gates
Systems Administrator
Castle Branch Inc.
910-815-3880 ext 7230
tjgates(a)castlebranch.com
This e-mail message, including any attachments, may contain private,
confidential, and privileged information for the restricted use of the
intended recipient(s). If you are not the intended recipient(s), you
may NOT use, disclose, copy, or disseminate this information. Please
notify the sender by return e-mail of this misdirected correspondence
and destroy all copies of the original message including all attachments.
Your cooperation is appreciated.
------=_Part_481677_474224743.1301865460773
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 7bit
<html><head><style type='text/css'>p { margin: 0; }</style></head><body><div style='font-family: Arial; font-size: 12pt; color: #000000'>Just checking in.. Is there anything I can do to help? If it helps, running slapd in debug mode wouldn't crash on me after over 2 1/2 weeks of running. Maybe a race condition among all the different threads?<br><span><br><br>-- <br><br>Tyler Gates<br>Systems Administrator<br>Castle Branch Inc.<br>910-815-3880 ext 7230<br>tjgates(a)castlebranch.com<br><br>This e-mail message, including any attachments, may contain private,<br>confidential, and privileged information for the restricted use of the<br>intended recipient(s). If you are not the intended recipient(s), you<br>may NOT use, disclose, copy, or disseminate this information. Please<br>notify the sender by return e-mail of this misdirected correspondence<br>and destroy all copies of the original message including all attachments.<br>Your cooperation is appreciated.<br></span></div></body></
html>
------=_Part_481677_474224743.1301865460773--
11 years, 11 months
(ITS#6888) slapd 2.4.23 terminating with 'SIGABRT'
by jwebb@localnet.com
Full_Name: Josiah Webb
Version: 2.4.23
OS: Debian Lenny (5.0.2)
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (146.115.147.2)
When running 5 concurrent ldapsearch clients (each with 10 concurrent threads)
for unindexed attributes, slapd terminates with a SIGABRT about 3/4 of the way
through all dn's.
here is the gdb interpreted core file dump and backtrace:
-----------------------------------------------------------------
awesome@ldapmaster-dev:~$ gdb /usr/local/libexec/slapd core.12907
GNU gdb 6.8-debian
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "i486-linux-gnu"...
warning: Can't read pathname for load map: Input/output error.
Reading symbols from /usr/local/lib/libtcmalloc.so.0...done.
Loaded symbols for /usr/local/lib/libtcmalloc.so.0
Reading symbols from /usr/lib/libltdl.so.3...done.
Loaded symbols for /usr/lib/libltdl.so.3
Reading symbols from /lib/i686/cmov/libdl.so.2...done.
Loaded symbols for /lib/i686/cmov/libdl.so.2
Reading symbols from /usr/lib/libdb-4.6.so...done.
Loaded symbols for /usr/lib/libdb-4.6.so
Reading symbols from /lib/i686/cmov/libpthread.so.0...done.
Loaded symbols for /lib/i686/cmov/libpthread.so.0
Reading symbols from /usr/lib/i686/cmov/libssl.so.0.9.8...done.
Loaded symbols for /usr/lib/i686/cmov/libssl.so.0.9.8
Reading symbols from /usr/lib/i686/cmov/libcrypto.so.0.9.8...done.
Loaded symbols for /usr/lib/i686/cmov/libcrypto.so.0.9.8
Reading symbols from /lib/i686/cmov/libcrypt.so.1...done.
Loaded symbols for /lib/i686/cmov/libcrypt.so.1
Reading symbols from /lib/i686/cmov/libresolv.so.2...done.
Loaded symbols for /lib/i686/cmov/libresolv.so.2
Reading symbols from /lib/i686/cmov/libc.so.6...done.
Loaded symbols for /lib/i686/cmov/libc.so.6
Reading symbols from /usr/lib/libstdc++.so.6...done.
Loaded symbols for /usr/lib/libstdc++.so.6
Reading symbols from /lib/i686/cmov/libm.so.6...done.
Loaded symbols for /lib/i686/cmov/libm.so.6
Reading symbols from /lib/libgcc_s.so.1...done.
Loaded symbols for /lib/libgcc_s.so.1
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /usr/lib/libz.so.1...done.
Loaded symbols for /usr/lib/libz.so.1
Reading symbols from /lib/i686/cmov/libnss_files.so.2...done.
Loaded symbols for /lib/i686/cmov/libnss_files.so.2
Core was generated by `/usr/local/libexec/slapd -d -1'.
Program terminated with signal 6, Aborted.
[New process 12911]
[New process 12935]
[New process 12934]
[New process 12933]
[New process 12932]
[New process 12931]
[New process 12930]
[New process 12929]
[New process 12928]
[New process 12927]
[New process 12926]
[New process 12925]
[New process 12924]
[New process 12912]
[New process 12907]
[New process 12910]
[New process 12909]
[New process 12908]
#0 0xb7f43424 in __kernel_vsyscall ()
(gdb) backtrace
#0 0xb7f43424 in __kernel_vsyscall ()
#1 0xb7a7c640 in raise () from /lib/i686/cmov/libc.so.6
#2 0xb7a7e018 in abort () from /lib/i686/cmov/libc.so.6
#3 0xb7a755be in __assert_fail () from /lib/i686/cmov/libc.so.6
#4 0x0809853b in ch_malloc (size=1407) at ch_malloc.c:57
#5 0x08132a7a in hdb_id2entry (be=0x15ef5f64, tid=0xbb232d0, id=170395,
e=0x15e35d08) at id2entry.c:143
#6 0x08128fea in hdb_cache_find_id (op=0xc429000, tid=0xbb232d0, id=170395,
eip=0x15ef5eec, flag=2, lock=0x15ef5e44)
at cache.c:998
#7 0x08103923 in hdb_search (op=0xc429000, rs=0x15ef7148) at search.c:707
#8 0x080e40dc in overlay_op_walk (op=0xc429000, rs=0x15ef7148, which=op_search,
oi=0x9e39100, on=0x9e39400) at backover.c:669
#9 0x080e4ba1 in over_op_func (op=0xc429000, rs=0x15ef7148, which=op_search) at
backover.c:721
#10 0x0807dc63 in fe_op_search (op=0xc429000, rs=0x15ef7148) at search.c:366
#11 0x0807e4d8 in do_search (op=0xc429000, rs=0x15ef7148) at search.c:217
#12 0x0807b546 in connection_operation (ctx=0x15ef7228, arg_v=0xc429000) at
connection.c:1109
#13 0x0807c17f in connection_read_thread (ctx=0x15ef7228, argv=0x13) at
connection.c:1245
#14 0x081590ec in ldap_int_thread_pool_wrapper (xpool=0x9e0a0b0) at tpool.c:685
#15 0xb7d924c0 in start_thread () from /lib/i686/cmov/libpthread.so.0
#16 0xb7b316de in clone () from /lib/i686/cmov/libc.so.6
---------------------------------------------------------------
the slapd standard log (/var/log/syslog), logged no errors whatsoever, slapd
simply "stopped:
no "out of memory" issues either
free -m (taken at the exact time of the SIGABRT):
total used free shared buffers cached
Mem: 8115 7492 623 0 226 1895
-/+ buffers/cache: 5370 2744
Swap: 2055 0 2055
Running a freshly compiled 2.4.23 openldap, which was compiled against tcmalloc
(malloc replacement) from google-perftools-1.7 (standard build commands:
./configure, make, make install (no errors)
openldap compiled as follows:
./configure LDFLAGS="-fno-builtin-malloc -fno-builtin-calloc
-fno-builtin-realloc -fno-builtin-free -ltcmalloc" --enable-slapd --enable-bdb
--enable-modules --enable-accesslog --enable-syncprov --enable-crypt
--enable-cleartext --enable-syslog --enable-debug
make depend
make
make test
make install STRIP=""
no errors during build.
backend is Berkely DB 4.6.21-16, which contains the following patches:
http://www.oracle.com/technetwork/database/berkeleydb/patch-098875.html
slapd.conf as follows:
#####################
# Global Directives #
#####################
allow bind_v2
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/qmail.schema
include /usr/local/etc/openldap/schema/radius.schema
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
loglevel stats sync config none
threads 16
gentlehup on
sizelimit 500
tool-threads 4
backend hdb
##############################
# Main Backend DB Directives #
##############################
database hdb
suffix "dc=localnet,dc=com"
rootdn "cn=Manager,dc=localnet,dc=com"
rootpw {SSHA}Kcv02GxN6YBuUVV+ct10VAxrc3c1iPei
directory "/local/var/openldap-bdb"
dbconfig set_cachesize 2 147483648 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
cachesize 50000
idlcachesize 200000
cachefree 1000
index objectClass eq
index cn eq
index sn eq
index uid eq
index mail eq
index mailAlternateAddress eq
index mailForwardingAddress eq
index radiusUID eq
index uidNumber eq
index gidNumber eq
index overquota eq
index mailhost eq
index entryCSN eq
index entryUUID eq
overlay accesslog
logdb "cn=accesslog"
logops writes
logsuccess TRUE
logpurge 02+00:00 01+00:00
overlay syncprov
syncprov-checkpoint 10 5
checkpoint 1024 5
limits dn.exact="cn=Manager,dc=localnet,dc=com" time.soft=unlimited
time.hard=unlimited size.soft=unlimited size.hard=unlimited
###################################
# Accesslog Backend DB Directives #
###################################
database hdb
suffix "cn=accesslog"
directory "/usr/local/var/openldap-data"
dbconfig set_cachesize 0 268435456 1
dbconfig set_lg_regionmax 1048576
dbconfig set_lg_max 10485760
dbconfig set_lg_bsize 2097152
dbconfig set_lg_dir /usr/local/var/openldap-data
dbconfig set_tmp_dir /tmp
dbconfig set_flags DB_LOG_AUTOREMOVE
cachesize 2000
idlcachesize 8000
cachefree 100
checkpoint 1024 5
lastmod on
index default eq
index objectClass
index entryCSN
index reqEnd
index reqResult
index reqStart
overlay syncprov
syncprov-nopresent TRUE
syncprov-reloadhint TRUE
limits dn.exact="cn=Manager,dc=localnet,dc=com" time.soft=unlimited
time.hard=unlimited size.soft=unlimited size.hard=unlimited
#########################
# Access ACL Directives #
#########################
access to *
by dn="cn=Manager,dc=localnet,dc=com" write
by * read
by anonymous auth
by self write
# end slapd.conf
Server is a 4 core Intel Xeon E5320 Debian Lenny box with 2.6.26-2-686-bigmem
kernel and 8GB of physical memory.
Our entire data set (.bdb) including indexes totals 1.3GB. we have a large
enough set_cachesize to store our entire data set in memory.
Our LDAP tree contains around 200,000 dn's
please advise, or let me know if you need further details or information
thanks!
11 years, 11 months