Full_Name: John Alex.
Version: 2.4.40
OS: FreeBSD 9.3
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (91.140.25.22)
When those two overlays are configured in this order: {0}memberof, {1}dds, slapd will segfault at startup if dds finds a dynamicObject entry that is past its expiration time. This does not occur if an object expires while slapd is running, only during startup.
Changing the order of those overlays to be {0}dds, {1}memberof avoids this issue.
Sample config (without schema entries):
dn: cn=config
objectClass: olcGlobal
cn: config
olcConfigDir: slapd.d
olcArgsFile: /var/run/openldap/slapd.args
olcAttributeOptions: lang-
olcLogLevel: stats
olcPidFile: /var/run/openldap/slapd.pid

dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/local/libexec/openldap
olcModuleLoad: {0}back_mdb

dn: olcDatabase={-1}frontend,cn=config
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: {-1}frontend
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by * break
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to dn.base="cn=subschema" by * read
olcSchemaDN: cn=Subschema

dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
olcAddContentAcl: TRUE
olcRootDN: cn=admin,cn=config

dn: olcDatabase={1}mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: {1}mdb
olcDbDirectory: /var/db/openldap-data/testing
olcSuffix: dc=example,dc=com
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by * break
olcAccess: {1}to attrs=userPassword by anonymous auth
olcAccess: {2}to dn.base="dc=example,dc=com" by * read
olcRootDN: cn=admin,dc=example,dc=com
olcDbIndex: objectClass eq
olcDbIndex: ou,uid eq
olcDbIndex: entryExpireTimestamp eq
olcDbMaxSize: 4294967296

dn: olcOverlay={0}memberof,olcDatabase={1}mdb,cn=config
objectClass: olcMemberOf
objectClass: olcOverlayConfig
objectClass: olcConfig
objectClass: top
olcOverlay: {0}memberof

dn: olcOverlay={1}dds,olcDatabase={1}mdb,cn=config
objectClass: olcDDSConfig
objectClass: olcOverlayConfig
objectClass: olcConfig
objectClass: top
olcOverlay: {1}dds
olcDDSinterval: 60
Steps to reproduce:
1. Create a dynamicObject entry, set a ttl of 60 seconds
2. Shut down the openldap server
3. Wait a couple minutes, then start the server
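
Added example, not part of the original report or of OpenLDAP: a check that scans a cn=config LDIF export for databases where memberof is ordered before dds, the ordering this report associates with the startup crash. It assumes full DNs as in the sample config above; the function names and the sample input are constructed for illustration.

```python
import re

# Constructed sample: overlay entries in the order the report says crashes.
SAMPLE_LDIF = """\
dn: olcOverlay={0}memberof,olcDatabase={1}mdb,cn=config
objectClass: olcMemberOf
olcOverlay: {0}memberof

dn: olcOverlay={1}dds,olcDatabase={1}mdb,cn=config
objectClass: olcDDSConfig
olcOverlay: {1}dds
"""

# Matches overlay entry DNs and captures the {N} index, overlay name, database RDN.
OVERLAY_DN = re.compile(
    r"^dn:\s*olcOverlay=\{(-?\d+)\}([^,]+),(olcDatabase=[^,]+),cn=config\s*$",
    re.IGNORECASE,
)

def unfold(ldif_text):
    """Join LDIF continuation lines (a line starting with one space)."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def overlay_order(ldif_text):
    """Map each database RDN to its overlay names sorted by {N} index."""
    per_db = {}
    for line in unfold(ldif_text):
        m = OVERLAY_DN.match(line)
        if m:
            idx, name, db = int(m.group(1)), m.group(2).lower(), m.group(3)
            per_db.setdefault(db, []).append((idx, name))
    return {db: [n for _, n in sorted(ovs)] for db, ovs in per_db.items()}

def risky_databases(ldif_text):
    """Databases where memberof is ordered before dds."""
    return sorted(
        db for db, names in overlay_order(ldif_text).items()
        if {"memberof", "dds"} <= set(names)
        and names.index("memberof") < names.index("dds")
    )

if __name__ == "__main__":
    for db in risky_databases(SAMPLE_LDIF):
        print(f"{db}: memberof precedes dds; reorder per the workaround")
```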