Pierangelo Masarati wrote:
Sorry about the broken link. Here is the correct one:
ftp://ftp.schrodinger.com/support/openldap/simon.gao.openldap_20070618.ext
> When following command against a consumer slapd, it will crash
slapd of the
> consumer when loglevel is set to any other value other than 1 or -1 on the
> consumer:
>
> ldappasswd -v -H ldap://consumer -D "uid=joe,ou=people,dc=example,dc=com"
-W -S
> -x -A
>
> The crash happens to at least to loglevel 0, 256, 512. When loglevel is set to 1
> or "-1", then no crash is experienced. In addition, when run consumer
slapd
> manually as front process,
>
^^^ what does this mean?
If I start slapd manually as following commands:
/usr/lib/openldap/slapd -d 0 -u ldap -g ldap -h 'ldap:// ldaps'
/usr/lib/openldap/slapd -d 256 -u ldap -g ldap -h 'ldap:// ldaps'
/usr/lib/openldap/slapd -d 512 -u ldap -g ldap -h 'ldap:// ldaps'
Then I did not see the problem as I would when setting loglevel to 0,
256, 512 in slapd.conf and start slapd from /etc/init.d/slapd, which
launch the daemon with the same options. When starting slapd from
/etc/init.d/slapd as background daemon process, slapd will write to
/var/log/ldap.log and /var/log/message. It seems that the difference
exists between writing ldap logs to a file (slapd runs in background) or
writing to console (slapd runs in foreground as started manually).
> then all debug level works without problem.
>
OpenLDAP re23 (in practice, 2.3.36 just released) doesn't show anything
like that. I note that differences related to the debug level usually
mean that a NULL or an invalid pointer is passed to a *printf(3) routine
on those systems that do not tolerate it (e.g. Solaris). But usually
the bug disappears when __decreasing__ the log level, while -1 means all.
p.
I would expect writing less log should help avoiding problem. In this
case, somehow logging must be set at certain or above a level. Below
that it will trigger problem. While I was trying to get pieces working,
I always set loglevel to 1 or -1. So I did not realize this problem
until very late. The error I got as a result of attempting change
password is "can't contact LDAP server" which is very confusing (might
be because slapd already crashed before serving last request).
I am happy to run more tests and provide further information as needed.
Thanks,
Simon