Full_Name: Duncan Gibb Version: 2.4.8 OS: Linux (Debian Etch and RHEL 4, x86 and x86_64) URL: Submission from: (NULL) (217.207.197.142)
(Previously sent by email to openldap-devel, but lost or moderated out)
In the course of debugging a fairly complex OpenLDAP deployment, we've found a reproducible segfault in 2.4.8. Below is a simplified testcase.
Server1 is master for the main database and syncrepl consumer for a subordinate (starting at ou=dept2,... in our example). It's syncrepl provider for both parts of the tree.
Server2 is master for the subordinate database, and consumer for the main database.
Server3 is 100% consumer, taking both parts of the database from Server1 (in the real environment there is no routing between Server2 and Server3).
Starting with empty databases, we populate Server1 with "main.ldif", and Server2 with "dept2.ldif". Then start 1 and 2 (only).
With servers 1 and 2 running, we have full replication in both directions. When we start Server3 with an empty database, it replicates the whole tree from Server1. However:
- subsequent changes in the main database (on Server1) replicate only to Server2 and not to Server3
- the next change in the subordinate database (on Server2) replicates to 1 and 3, but segfaults Server1 thus:
Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x41001950 (LWP 5512)] 0x000000000045c95e in test_filter (op=0x41000710, e=0xa29c08, f=0x0) at filterentry.c:69 69 if ( f->f_choice & SLAPD_FILTER_UNDEFINED ) {(gdb) bt #0 0x000000000045c95e in test_filter (op=0x41000710, e=0xa29c08, f=0x0) at filterentry.c:69 #1 0x00002b9fcd9dddf2 in syncprov_matchops (op=0x41000710, opc=0xdb4c40, saveit=1) at syncprov.c:1212 #2 0x00002b9fcd9dfd4c in syncprov_op_mod (op=0x41000710, rs=0x41000290) at syncprov.c:1807 #3 0x00000000004b5dce in overlay_op_walk (op=0x41000710, rs=0x41000290, which=op_modify, oi=0x7f1ab0, on=0x7f1f40) at backover.c:643 #4 0x00000000004b6060 in over_op_func (op=0x41000710, rs=0x41000290, which=op_modify) at backover.c:705 #5 0x00000000004b613e in over_op_modify (op=0x41000710, rs=0x41000290) at backover.c:739 #6 0x00000000004abfac in syncrepl_updateCookie (si=0x7f1020, op=0x41000710, pdn=0x7f01c0, syncCookie=0x41000500) at syncrepl.c:2693 #7 0x00000000004a5987 in do_syncrep2 (op=0x41000710, si=0x7f1020) at syncrepl.c:848 #8 0x00000000004a6e66 in do_syncrepl (ctx=0x41000e00, arg=0x7f0c20) at syncrepl.c:1226 #9 0x00000000004359fd in connection_read_thread (ctx=0x41000e00, argv=0x10) at connection.c:1213 #10 0x00002b9fc9f34ae5 in ldap_int_thread_pool_wrapper (xpool=0x7ab720) at tpool.c:625 #11 0x00002b9fca8f03f7 in start_thread () from /lib/libpthread.so.0 #12 0x00002b9fcba3997d in clone () from /lib/libc.so.6 #13 0x0000000000000000 in ?? () (gdb)
We've reproduced this on RHEL4/i386 both under Xen and under QEMU, and also on Debian Etch/amd64 using Xen virtuals and using three slapds listening on different ports on the same machine. Below are config files for the last of these, which should be the simplest to rig up (127.0.N.1 represents ServerN).
Ideas and comments welcome.
Cheers
Duncan
-8<-- slapd.conf.127.0.1.1 -8<---8<---8<---8<---8<---8<---8<--
# slapd.conf for 127.0.1.1
include /etc/ldap/schema/core.schema include /etc/ldap/schema/cosine.schema include /etc/ldap/schema/nis.schema include /etc/ldap/schema/inetorgperson.schema
loglevel any
sizelimit unlimited timelimit unlimited
pidfile /home/ldaptest/rel/var/run/slapd_127.0.1.1.pid argsfile /home/ldaptest/rel/var/run/slapd_127.0.1.1.args
modulepath /home/ldaptest/rel/libexec/openldap moduleload back_bdb moduleload syncprov.la
database bdb suffix "ou=dept2,dc=ldaplab,dc=siriusit,dc=co,dc=uk" rootdn "cn=admin,dc=ldaplab,dc=siriusit,dc=co,dc=uk"
overlay syncprov
subordinate
directory /home/ldaptest/rel/var/openldap-data/127.0.1.1/dept2
index objectClass eq,pres index ou,cn,mail,surname,givenname eq,pres,sub index entryCSN eq,pres
syncrepl rid=103 provider=ldap://127.0.2.1:38902 type=refreshAndPersist retry="10 +" searchbase="ou=dept2,dc=ldaplab,dc=siriusit,dc=co,dc=uk" bindmethod="simple" binddn="cn=admin,dc=ldaplab,dc=siriusit,dc=co,dc=uk" credentials="secret"
updateref ldap://127.0.2.1:38902
database bdb suffix "dc=ldaplab,dc=siriusit,dc=co,dc=uk" rootdn "cn=admin,dc=ldaplab,dc=siriusit,dc=co,dc=uk" overlay glue overlay syncprov
directory /home/ldaptest/rel/var/openldap-data/127.0.1.1/main
index objectClass eq,pres index ou,cn,mail,surname,givenname eq,pres,sub index entryCSN eq,pres
-8<-- slapd.conf.127.0.2.1 -8<---8<---8<---8<---8<---8<---8<--
# slapd.conf for 127.0.2.1
include /etc/ldap/schema/core.schema include /etc/ldap/schema/cosine.schema include /etc/ldap/schema/nis.schema include /etc/ldap/schema/inetorgperson.schema
loglevel any
sizelimit unlimited timelimit unlimited
pidfile /home/ldaptest/rel/var/run/slapd_127.0.2.1.pid argsfile /home/ldaptest/rel/var/run/slapd_127.0.2.1.args
modulepath /home/ldaptest/rel/libexec/openldap moduleload back_bdb moduleload syncprov.la
database bdb suffix "ou=dept2,dc=ldaplab,dc=siriusit,dc=co,dc=uk" rootdn "cn=admin,dc=ldaplab,dc=siriusit,dc=co,dc=uk"
overlay syncprov
subordinate
directory /home/ldaptest/rel/var/openldap-data/127.0.2.1/dept2
index objectClass eq,pres index ou,cn,mail,surname,givenname eq,pres,sub index entryCSN eq,pres
database bdb suffix "dc=ldaplab,dc=siriusit,dc=co,dc=uk" rootdn "cn=admin,dc=ldaplab,dc=siriusit,dc=co,dc=uk" overlay glue overlay syncprov
directory /home/ldaptest/rel/var/openldap-data/127.0.2.1/main
index objectClass eq,pres index ou,cn,mail,surname,givenname eq,pres,sub index entryCSN eq,pres
syncrepl rid=100 provider=ldap://127.0.1.1:38901 type=refreshAndPersist retry="10 +" searchbase="dc=ldaplab,dc=siriusit,dc=co,dc=uk" bindmethod="simple" binddn="cn=admin,dc=ldaplab,dc=siriusit,dc=co,dc=uk" credentials="secret"
updateref ldap://127.0.1.1:38901
-8<-- slapd.conf.127.0.3.1 -8<---8<---8<---8<---8<---8<---8<--
# slapd.conf for 127.0.3.1
include /etc/ldap/schema/core.schema include /etc/ldap/schema/cosine.schema include /etc/ldap/schema/nis.schema include /etc/ldap/schema/inetorgperson.schema
loglevel any
sizelimit unlimited timelimit unlimited
pidfile /home/ldaptest/rel/var/run/slapd_127.0.3.1.pid argsfile /home/ldaptest/rel/var/run/slapd_127.0.3.1.args
modulepath /home/ldaptest/rel/libexec/openldap moduleload back_bdb moduleload syncprov.la
database bdb suffix "ou=dept2,dc=ldaplab,dc=siriusit,dc=co,dc=uk" rootdn "cn=admin,dc=ldaplab,dc=siriusit,dc=co,dc=uk"
subordinate
directory /home/ldaptest/rel/var/openldap-data/127.0.3.1/dept2
index objectClass eq,pres index ou,cn,mail,surname,givenname eq,pres,sub index entryCSN eq,pres
syncrepl rid=104 provider=ldap://127.0.1.1:38901 type=refreshAndPersist retry="10 +" searchbase="ou=dept2,dc=ldaplab,dc=siriusit,dc=co,dc=uk" bindmethod="simple" binddn="cn=admin,dc=ldaplab,dc=siriusit,dc=co,dc=uk" credentials="secret"
updateref ldap://127.0.2.1:38902
database bdb suffix "dc=ldaplab,dc=siriusit,dc=co,dc=uk" rootdn "cn=admin,dc=ldaplab,dc=siriusit,dc=co,dc=uk" overlay glue
directory /home/ldaptest/rel/var/openldap-data/127.0.3.1/main
index objectClass eq,pres index ou,cn,mail,surname,givenname eq,pres,sub index entryCSN eq,pres
syncrepl rid=105 provider=ldap://127.0.1.1:38901 type=refreshAndPersist retry="10 +" searchbase="dc=ldaplab,dc=siriusit,dc=co,dc=uk" bindmethod="simple" binddn="cn=admin,dc=ldaplab,dc=siriusit,dc=co,dc=uk" credentials="secret"
updateref ldap://127.0.1.1:38901
-8<-- main.ldif -8<---8<---8<---8<---8<---8<---8<--
# LDIF for main tree
dn: dc=ldaplab,dc=siriusit,dc=co,dc=uk dc: ldaplab o: ldaplab objectClass: dcObject objectClass: organization
dn: cn=admin,dc=ldaplab,dc=siriusit,dc=co,dc=uk cn: admin objectClass: organizationalRole objectClass: simpleSecurityObject userPassword: {SSHA}HEadVOU0EenIL0NX1bMblWYLAHrVW8Jy
dn: ou=dept1,dc=ldaplab,dc=siriusit,dc=co,dc=uk ou: dept1 objectClass: organizationalUnit
dn: cn=person11,ou=dept1,dc=ldaplab,dc=siriusit,dc=co,dc=uk sn: person11 cn: person11 objectClass: person
dn: cn=person12,ou=dept1,dc=ldaplab,dc=siriusit,dc=co,dc=uk sn: person12 cn: person12 objectClass: person
-8<-- dept2.ldif -8<---8<---8<---8<---8<---8<---8<--
# LDIF for "dept2" delegated subordinate tree
dn: ou=dept2,dc=ldaplab,dc=siriusit,dc=co,dc=uk ou: dept2 objectClass: organizationalUnit
dn: cn=person21,ou=dept2,dc=ldaplab,dc=siriusit,dc=co,dc=uk sn: person21 cn: person21 objectClass: person
dn: cn=person22,ou=dept2,dc=ldaplab,dc=siriusit,dc=co,dc=uk sn: person22 cn: person22 objectClass: person