Pierangelo Masarati wrote:
gao@schrodinger.com wrote:
URL: ftp://ftp.schrodinger.com/support/openldap/simon.gao.openldap_2.3.35.its.ext
^^^ This link is unreachable
Sorry about the broken link. Here is the correct one:
ftp://ftp.schrodinger.com/support/openldap/simon.gao.openldap_20070618.ext
When following command against a consumer slapd, it will crash slapd of the consumer when loglevel is set to any other value other than 1 or -1 on the consumer:
ldappasswd -v -H ldap://consumer -D "uid=joe,ou=people,dc=example,dc=com" -W -S -x -A
The crash happens to at least to loglevel 0, 256, 512. When loglevel is set to 1 or "-1", then no crash is experienced. In addition, when run consumer slapd manually as front process,
^^^ what does this mean?
If I start slapd manually as following commands:
/usr/lib/openldap/slapd -d 0 -u ldap -g ldap -h 'ldap:// ldaps' /usr/lib/openldap/slapd -d 256 -u ldap -g ldap -h 'ldap:// ldaps' /usr/lib/openldap/slapd -d 512 -u ldap -g ldap -h 'ldap:// ldaps'
Then I did not see the problem as I would when setting loglevel to 0, 256, 512 in slapd.conf and start slapd from /etc/init.d/slapd, which launch the daemon with the same options. When starting slapd from /etc/init.d/slapd as background daemon process, slapd will write to /var/log/ldap.log and /var/log/message. It seems that the difference exists between writing ldap logs to a file (slapd runs in background) or writing to console (slapd runs in foreground as started manually).
then all debug level works without problem.
OpenLDAP re23 (in practice, 2.3.36 just released) doesn't show anything like that. I note that differences related to the debug level usually mean that a NULL or an invalid pointer is passed to a *printf(3) routine on those systems that do not tolerate it (e.g. Solaris). But usually the bug disappears when __decreasing__ the log level, while -1 means all.
p.
I would expect writing less log should help avoiding problem. In this case, somehow logging must be set at certain or above a level. Below that it will trigger problem. While I was trying to get pieces working, I always set loglevel to 1 or -1. So I did not realize this problem until very late. The error I got as a result of attempting change password is "can't contact LDAP server" which is very confusing (might be because slapd already crashed before serving last request).
I am happy to run more tests and provide further information as needed.
Thanks,
Simon
-
gao@schrodinger.com