[Issue 9820] New: v2.5 and 2.6 closed (idletimeout) during ldapsearch (work fine with v2.4)

https://bugs.openldap.org/show_bug.cgi?id=9820

Issue ID: 9820 Summary: v2.5 and 2.6 closed (idletimeout) during ldapsearch (work fine with v2.4) Product: OpenLDAP Version: 2.6.1 Hardware: x86_64 OS: Linux Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs@openldap.org Reporter: jlbs.gregoire@gmail.com Target Milestone: ---

Hello, Please excuse me for my bad English.

Is there a bug with openldap 2.5 and 2.6 ? When I launch a ldapsearch on the whole directory, the connection is abruptly cut during the search (same problem with syncrepl). All work fine with openldap 2.4.48 and 2.4.59.

Tested on Debian 10 buster and openssl 1.1.1n (also tested with openssl 1.1.1d and 1.1.1k). The directory contains over one million entries.

OpenLDAP 2.6.1 compiled with the following options ./configure --prefix=/opt/openldap-2.6.1 --disable-ipv6 --enable-debug --enable-syslog --enable-slapd --enable-cleartext --enable-crypt --enable-wrappers --enable-backends=no --enable-mdb --enable-overlays --with-tls

/opt/openldap-2.6.1/bin/ldapsearch -x -D cn=manager,dc=societe,dc=com -w 'password' ... # numResponses: 50146 # numEntries: 50146 ldap_result: Can't contact LDAP server (-1)

Apr 8 21:28:37 debian slapd[20880]: @(#) $OpenLDAP: slapd 2.6.1 (Apr 8 2022 20:34:26) $#012#011root@debian:/opt/src/openldap-2.6.1/servers/slapd Apr 8 21:28:37 debian slapd[20881]: slapd starting Apr 8 21:29:12 debian slapd[20881]: conn=1000 fd=11 ACCEPT from PATH=/opt/openldap-2.6.1/var/run/ldapi (PATH=/opt/openldap-2.6.1/var/run/ldapi) Apr 8 21:29:12 debian slapd[20881]: conn=1000 op=0 BIND dn="cn=manager,dc=societe,dc=com" method=128 Apr 8 21:29:12 debian slapd[20881]: conn=1000 op=0 BIND dn="cn=manager,dc=societe,dc=com" mech=SIMPLE bind_ssf=0 ssf=71 Apr 8 21:29:12 debian slapd[20881]: conn=1000 op=0 RESULT tag=97 err=0 qtime=0.000005 etime=0.000041 text= Apr 8 21:29:12 debian slapd[20881]: conn=1000 op=1 SRCH base="dc=societe,dc=com" scope=2 deref=0 filter="(objectClass=*)" Apr 8 21:29:57 debian slapd[20881]: conn=1000 fd=11 closed (idletimeout)

OpenLDAP 2.5.11 compiled with the following options ./configure --prefix=/opt/openldap-2.5.11 --disable-ipv6 --enable-debug --enable-syslog --enable-slapd --enable-cleartext --enable-crypt --enable-wrappers --enable-backends=no --enable-mdb --enable-overlays --with-tls

/opt/openldap-2.5.11/bin/ldapsearch -x -D cn=manager,dc=societe,dc=com -w 'password' ... # numResponses: 44638 # numEntries: 44638 ldap_result: Can't contact LDAP server (-1)

Apr 8 21:44:18 debian slapd[21063]: @(#) $OpenLDAP: slapd 2.5.11 (Apr 8 2022 20:55:50) $#012#011root@debian:/opt/src/openldap-2.5.11/servers/slapd Apr 8 21:44:18 debian slapd[21064]: slapd starting Apr 8 21:44:45 debian slapd[21064]: conn=1000 fd=11 ACCEPT from PATH=/opt/openldap-2.5.11/var/run/ldapi (PATH=/opt/openldap-2.5.11/var/run/ldapi) Apr 8 21:44:45 debian slapd[21064]: conn=1000 op=0 BIND dn="cn=manager,dc=societe,dc=com" method=128 Apr 8 21:44:45 debian slapd[21064]: conn=1000 op=0 BIND dn="cn=manager,dc=societe,dc=com" mech=SIMPLE bind_ssf=0 ssf=71 Apr 8 21:44:45 debian slapd[21064]: conn=1000 op=0 RESULT tag=97 err=0 qtime=0.000006 etime=0.000045 text= Apr 8 21:44:45 debian slapd[21064]: conn=1000 op=1 SRCH base="dc=societe,dc=com" scope=2 deref=0 filter="(objectClass=*)" Apr 8 21:45:30 debian slapd[21064]: conn=1000 fd=11 closed (idletimeout)

OpenLDAP 2.4.59 compiled with the following options ./configure --prefix=/opt/openldap-2.4.59 --disable-ipv6 --enable-debug --enable-syslog --enable-slapd --enable-cleartext --enable-crypt --enable-wrappers --enable-backends=no --enable-mdb --enable-overlays --with-tls

/opt/openldap-2.4.59/bin/ldapsearch -x -D cn=manager,dc=societe,dc=com -w 'password'

Apr 8 21:53:22 debian slapd[17963]: @(#) $OpenLDAP: slapd 2.4.59 (Apr 8 2022 21:51:41) $#012#011root@debian:/opt/src/openldap-2.4.59/servers/slapd Apr 8 21:53:22 debian slapd[17964]: slapd starting Apr 8 21:53:54 debian slapd[17964]: conn=1000 fd=11 ACCEPT from PATH=/opt/openldap-2.4.59/var/run/ldapi (PATH=/opt/openldap-2.4.59/var/run/ldapi) Apr 8 21:53:54 debian slapd[17964]: conn=1000 op=0 BIND dn="cn=manager,dc=societe,dc=com" method=128 Apr 8 21:53:54 debian slapd[17964]: conn=1000 op=0 BIND dn="cn=manager,dc=societe,dc=com" mech=SIMPLE ssf=0 Apr 8 21:53:54 debian slapd[17964]: conn=1000 op=0 RESULT tag=97 err=0 text= Apr 8 21:53:54 debian slapd[17964]: conn=1000 op=1 SRCH base="dc=societe,dc=com" scope=2 deref=0 filter="(objectClass=*)" Apr 8 22:06:02 debian slapd[17964]: conn=1000 op=1 SEARCH RESULT tag=101 err=0 nentries=1021397 text= Apr 8 22:06:02 debian slapd[17964]: conn=1000 op=2 UNBIND Apr 8 22:06:02 debian slapd[17964]: conn=1000 fd=11 closed

OpenLDAP 2.4.48 compiled with the following options ./configure --prefix=/opt/openldap-2.4.48 --disable-ipv6 --enable-debug --enable-syslog --enable-slapd --enable-cleartext --enable-crypt --enable-wrappers --enable-backends=no --enable-mdb --enable-overlays --with-tls

/opt/openldap-2.4.48/bin/ldapsearch -x -D cn=manager,dc=societe,dc=com -w 'password'

Apr 8 21:30:44 debian slapd[20942]: @(#) $OpenLDAP: slapd 2.4.48 (Apr 8 2022 20:58:01) $#012#011root@debian:/opt/src/openldap-2.4.48/servers/slapd Apr 8 21:30:44 debian slapd[20943]: slapd starting Apr 8 21:31:05 debian slapd[20943]: conn=1000 fd=11 ACCEPT from PATH=/opt/openldap-2.4.48/var/run/ldapi (PATH=/opt/openldap-2.4.48/var/run/ldapi) Apr 8 21:31:05 debian slapd[20943]: conn=1000 op=0 BIND dn="cn=manager,dc=societe,dc=com" method=128 Apr 8 21:31:05 debian slapd[20943]: conn=1000 op=0 BIND dn="cn=manager,dc=societe,dc=com" mech=SIMPLE ssf=0 Apr 8 21:31:05 debian slapd[20943]: conn=1000 op=0 RESULT tag=97 err=0 text= Apr 8 21:31:05 debian slapd[20943]: conn=1000 op=1 SRCH base="dc=societe,dc=com" scope=2 deref=0 filter="(objectClass=*)" Apr 8 21:43:15 debian slapd[20943]: conn=1000 op=1 SEARCH RESULT tag=101 err=0 nentries=1021397 text= Apr 8 21:43:15 debian slapd[20943]: conn=1000 op=2 UNBIND Apr 8 21:43:15 debian slapd[20943]: conn=1000 fd=11 closed

Content of slapd.conf : pidfile /opt/openldap/var/run/slapd.pid argsfile /opt/openldap/var/run/slapd.args tool-threads 2 require ldapv3 authc disallow bind_anon loglevel stats modulepath /opt/openldap/libexec/openldap moduleload back_mdb moduleload syncprov include /opt/openldap/etc/openldap/schema/core.schema include /opt/openldap/etc/openldap/schema/cosine.schema include /opt/openldap/etc/openldap/schema/inetorgperson.schema include /opt/openldap/etc/openldap/schema/dyngroup_cgi.schema include /opt/openldap/etc/openldap/schema/qmail_cgi.schema

defaultsearchbase "dc=societe,dc=com"

backend mdb database mdb directory "/ldap/base-ldap" suffix "dc=societe,dc=com" rootdn "cn=manager,dc=societe,dc=com" rootpw password maxsize 12884901888 mode 600 checkpoint 10240 2 dbnosync lastmod on

include /opt/openldap/etc/openldap/acl.conf

idletimeout 120 reverse-lookup off sizelimit 100 timelimit unlimited

include /opt/openldap/etc/openldap/index.conf index_substr_if_minlen 2 index_substr_if_maxlen 4 index_substr_any_len 4 index_substr_any_step 2

When I set loglevel -1 it works correctly (but generates a very huge log file). It's very strange.

If you need any further information, feel free to contact me.

Jean-Loup Gregoire