https://bugs.openldap.org/show_bug.cgi?id=9254
--- Comment #3 from Howard Chu hyc@openldap.org --- (In reply to Claudio from comment #0)
The import of an LDIF file containing a passwordPolicy objectClass where the attribute pwdMaxAge was populated as 50000000000000 (while the max value of that attribute should be 315360000) went fine but any editing of values on that objectClass would make slapd hang until brutally killed (it goes into error 8 where apparently the operation is waiting to be executed, but even after several hours it would still be frozen). The only way I managed to solve the situation was to take e previous dump, change the value to something within the value's range, and restore it. BTW I couldn't manage to run slapcat (neither with the -c flag) to have a full dump.
There are three issues in my opinion:
- Shouldn't slapadd make some checks on data type values and eventually
either give an error or change an exceeding value to the minimum/maximum value of the range?
slapadd generally does very few validity checks. It is intended to be used on LDIFs that are known to be valid, i.e. for loading the output of slapcat.
- Shouldn't slapd manage the exceeding value instead of freezing (in a way
coherent to point 1)?
Indeed, slapd shouldn't freeze. You should provide a gdb stack trace of the running threads when this situation occurs.
- Shouldn't slapcat be forced to skip over the problem of an out of range
value at least if run with the "-c" flag?
slapcat does no validity checks; it assumes the contents of the DB it is reading are valid. In most cases the -c flag is meaningless for slapcat.