Full_Name: Bill Clay
Version: 2.4.44
OS: Debian/GNU Linux 7.8 (Wheezy)
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (87.15.115.130)
The below modification to an otherwise correctly-functioning slapd instance provokes an infinite loop that eventually ends with allocation of all configured virtual memory, kernel invocation of its oom-killer (generally on an innocent bystander), and sometimes a kernel panic. This scenario is 100% repeatable on this installation.
If I understand "man 5 slapo-unique" correctly, an instance of overlay unique may specify more than one olcUniqueURI attribute, each of which may specify more than one space-separated (?) URI. In this case, I am replacing two initially-configured olcUniqueURI attributes whose values comprise a single URI each (and which seem to work correctly) by one olcUniqueURI attribute with two URIs.
bill@fuji:~$ sudo ldapmodify -YEXTERNAL -Hldapi://
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
dn:olcOverlay={2}unique,olcDatabase={3}mdb,cn=config
changetype: modify
replace: olcUniqueURI
olcUniqueURI: ldap:///ou=gruppi,dc=test?gidNumber?one ldap:///ou=gruppi,dc=test?owner?one

modifying entry "olcOverlay={2}unique,olcDatabase={3}mdb,cn=config"
ldap_result: Can't contact LDAP server (-1)

bill@fuji:~$
This slapd is the following custom build on an otherwise fairly stock Debian Wheezy system.
cd /usr/local/src/openldap-2.4.44
./configure --sysconfdir=/etc --localstatedir=/ \
  --disable-backends --enable-mdb --enable-monitor --enable-crypt \
  --with-cyrus-sasl --enable-spasswd --enable-syslog --enable-local \
  --disable-overlays --enable-memberof --enable-refint --enable-unique \
  --disable-modules --with-cyrus-sasl --with-tls --with-threads --with-gnu-ld
# if --enable-shell, avoid --with-threads
I have uploaded files bill-clay-160815-<type>.txt to ftp://ftp.openldap.org/incoming/ for the following <types>:
log: console log of slapd running foreground with -d1 (serial console at 57600 bps, allowing prompt manual termination via kill -KILL)
cnf1-cnf3: slapadd specification of (1) the rootDSE, (2) {2}mdb's tree dc=epici,dc=it, and (3) {3}mdb's tree dc=test (subject of the failed ldapmodify).
As is probably obvious from these files, I am an LDAP newbie, so there may be a configuration error here that's painfully obvious to the experienced practitioner.
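Added example, not part of the ITS report or of the OpenLDAP sources: a small parser for olcUniqueURI values written from the syntax in slapo-unique(5), plus a simulation of the check the overlay performs on add/modify, run against the two configurations the report compares (one olcUniqueURI value carrying two URIs, versus two values carrying one URI each). The directory entries, DNs and attribute values are constructed; treating a missing scope as "sub", comparing values case-insensitively, and not evaluating the optional filter part are simplifications of this script, not statements about slapd.

```python
# Added example (not from the ITS report or the OpenLDAP sources): parse
# olcUniqueURI values and simulate slapo-unique's uniqueness check.
# Entry data, DNs and attribute values below are constructed for illustration.
from urllib.parse import unquote


def normalize_dn(dn):
    """Lower-case a DN and strip blanks around commas. Enough for the
    constructed DNs here; not a full RFC 4514 normalizer."""
    return ",".join(p.strip() for p in dn.lower().split(","))


def parse_unique_uri_value(value):
    """Split one olcUniqueURI value (one uniqueness domain) into its URIs.

    Syntax per slapo-unique(5):
        [strict ][ignore ]ldap:///[base]?[attrs]?[scope][?filter]
    with several whitespace-separated URIs allowed in one value; the leading
    keywords apply to the whole domain. The filter part is kept but not
    evaluated by the simulation below.
    """
    strict = ignore = False
    uris = []
    for tok in value.split():
        if tok == "strict":
            strict = True
        elif tok == "ignore":
            ignore = True
        elif tok.startswith("ldap:///"):
            parts = tok[len("ldap:///"):].split("?")
            attrs = [a.lower() for a in parts[1].split(",") if a] if len(parts) > 1 else []
            # Assumption of this script: a missing scope is treated as "sub".
            scope = parts[2].lower() if len(parts) > 2 and parts[2] else "sub"
            if scope not in ("base", "one", "sub"):
                raise ValueError(f"unsupported scope {scope!r} in {tok}")
            uris.append({"base": normalize_dn(unquote(parts[0])), "attrs": attrs,
                         "scope": scope, "filter": parts[3] if len(parts) > 3 else None})
        else:
            raise ValueError(f"unexpected token {tok!r} in olcUniqueURI value")
    if not uris:
        raise ValueError("olcUniqueURI value contains no ldap:/// URI")
    return {"strict": strict, "ignore": ignore, "uris": uris}


def in_scope(dn, base, scope):
    """True if dn lies within base for the given LDAP search scope."""
    dn = normalize_dn(dn)
    if scope == "base":
        return dn == base
    parent = dn.split(",", 1)[1] if "," in dn else ""
    if scope == "one":
        return parent == base
    return dn == base or dn.endswith("," + base)


def find_conflicts(domains, entries, target_dn, target_attrs):
    """Return sorted (attr, value, existing_dn) triples for every value of the
    entry being added/modified that another in-scope entry already carries.
    An empty list means the operation would pass the uniqueness check.
    domains: parsed olcUniqueURI values; entries: {dn: {attr: [values]}}.
    Values are compared case-insensitively (a simplification of the real
    per-attribute equality matching rules)."""
    conflicts = set()
    target = normalize_dn(target_dn)
    for dom in domains:
        for uri in dom["uris"]:
            if not in_scope(target, uri["base"], uri["scope"]):
                continue
            for attr, values in target_attrs.items():
                a = attr.lower()
                # empty attribute list means "all attributes"; ignore inverts the list
                checked = True if not uri["attrs"] else (a in uri["attrs"]) != dom["ignore"]
                if not checked:
                    continue
                for dn, eattrs in entries.items():
                    if normalize_dn(dn) == target or not in_scope(dn, uri["base"], uri["scope"]):
                        continue
                    existing = {v.lower() for k, vs in eattrs.items() if k.lower() == a for v in vs}
                    for val in values:
                        if val.lower() in existing:
                            conflicts.add((a, val, normalize_dn(dn)))
    return sorted(conflicts)


# Constructed directory content under the report's dc=test tree.
ENTRIES = {
    "cn=admins,ou=gruppi,dc=test": {"gidNumber": ["1000"], "owner": ["uid=bill,ou=people,dc=test"]},
    "cn=devs,ou=gruppi,dc=test":   {"gidNumber": ["1001"], "owner": ["uid=anna,ou=people,dc=test"]},
    "cn=legacy,ou=altro,dc=test":  {"gidNumber": ["1000"]},   # outside ou=gruppi: never in scope
}

# The two configurations the report compares: one value carrying two URIs
# (the modify that crashed) versus two values carrying one URI each.
ONE_VALUE_TWO_URIS = ["ldap:///ou=gruppi,dc=test?gidNumber?one ldap:///ou=gruppi,dc=test?owner?one"]
TWO_VALUES_ONE_URI = ["ldap:///ou=gruppi,dc=test?gidNumber?one",
                      "ldap:///ou=gruppi,dc=test?owner?one"]


def check(config_values, target_dn, target_attrs):
    """Run the simulated check for a new/modified entry against ENTRIES."""
    return find_conflicts([parse_unique_uri_value(v) for v in config_values],
                          ENTRIES, target_dn, target_attrs)


if __name__ == "__main__":
    new_group = {"gidNumber": ["1000"], "owner": ["uid=carl,ou=people,dc=test"]}
    for label, cfg in (("one value, two URIs", ONE_VALUE_TWO_URIS),
                       ("two values, one URI each", TWO_VALUES_ONE_URI)):
        print(label, "->", check(cfg, "cn=ops,ou=gruppi,dc=test", new_group))
```

In this model the two forms yield the same set of (base, attributes, scope) checks and therefore the same verdicts; the only thing that differs per olcUniqueURI value is the strict/ignore keywords, which apply to the whole value (domain). That equivalence is what the report expects from the man page; the crash it describes is the deviation, not anything the parser above can reproduce.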