Full_Name: Michele Lugli Version: 2.4.45 OS: Linux Ubuntu server 16.04 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (192.167.209.10)
Quarantine function in back-meta will permanently disable a target if a query is received while the quarantine has been imposed.
Same problem reported in ITS#5592 and marked as "solved": still exists under some circustances.
To reproduce: use config below, assume the first target works correctly and the second is unavailable. Send a query and the quarantine will be set. Sending more queries, with searchbase "dc=example,dc=com" and within 20 seconds, the quarantine will never lift.
Tested on latest release available (commit bb62d9cb732c894023c5c9f5893acf40add7376c - Aug 31 16:53:45 2017).
---- slapd.conf ----
database meta suffix dc=example,dc=com quarantine 20,+ uri ldap://itworks.example.com/dc=subtree1,dc=example,dc=com uri ldap://afakeaddress/dc=subtree2,dc=example,dc=com
---- slapd logs ----
59ad1507 conn=1000 op=1 meta_back_quarantine[1]: enter. 59ad1519 conn=1001 op=1: meta_back_getconn[1] quarantined 59ad1527 conn=1002 op=1: meta_back_getconn[1] quarantined 59ad1539 conn=1003 op=1: meta_back_getconn[1] quarantined 59ad154b conn=1004 op=1: meta_back_getconn[1] quarantined ....