[Issue 10087] New: slapd crashes with core dump Assertion `!LDAP_BACK_CONN_TAINTED( lc )
https://bugs.openldap.org/show_bug.cgi?id=10087
Issue ID: 10087 Summary: slapd crashes with core dump Assertion `!LDAP_BACK_CONN_TAINTED( lc ) Product: OpenLDAP Version: 2.5.15 Hardware: x86_64 OS: Linux Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs@openldap.org Reporter: rajko@albrecht.jetzt Target Milestone: ---
The slapd daemon crashes every ten minutes with
slapd: ../../../../../servers/slapd/back-ldap/bind.c:181: ldap_back_conn_delete: Assertion `!LDAP_BACK_CONN_TAINTED( lc )' failed. Aborted (core dumped)
I searched around for multiple days but didn't find any solution to this problem.
I have the same problem with 2.6.x versions.
It is configured to act as caching ldap, while multiple hundred systems contact it.
The error message is completely useless for sysadmins because they don't understand what this means for them (as said, asking search engines gives no answers) nor I don't know if - and if so how - I can fix this with configuration.
I don't see if this message is talking about the connection to the upstream ldap server or if this is the connection from a client to the caching (and crashing) daemon.
First setup was plain on a linux machine, now runnig inside docker environment so the service is restarted after the crash. This is of course not a nice solution.
And it looks like the same like #4390 which is marked as "not solved".
At least a description what this error messages means would be very helpful incl. how a workaround could look like (increasing timeouts, increase/decrease a socket pool or whatever).
Currently the slapd is nearly useless when using it as a caching ldap with high load.
Any hints?
https://bugs.openldap.org/show_bug.cgi?id=10087
--- Comment #1 from Quanah Gibson-Mount quanah@openldap.org --- Please provide a backtrace from the generated core file, where the binary has debug symbols available.
https://bugs.openldap.org/show_bug.cgi?id=10087
--- Comment #2 from rajko@albrecht.jetzt --- The one and only I can retrieve:
Assertion failed: !LDAP_BACK_CONN_TAINTED( lc ) (bind.c: ldap_back_conn_delete: 181)
(With slapd 2.6.3 on alpine linux docker)
The problem: it is running in docker - when the container dies, the core dump is away. Running native is risky - docker immediately restarts the container in case of a crash.
But: I think I have the config option for reproducing:
For security reasons, the root-pw of the slapd and the bind to upstream ldap were configured with different values.
eg:
idassert-bind bindmethod=simple binddn="uid=ldapservice,ou=Users,o=<...>,dc=<...>,dc=com credentials="<upstream-pw>"
and
rootdn "uid=ldap,ou=Users,o=<...>,dc=<...>,dc=com" rootp "someotherpw"
was configured.
After I changed rootdn/rootpw to the same value of idassert-bind this problem disappeared. Second: it requires some load on slapd as far as I see - eg, more than one request per second for about 10 minutes.
Later this day I check if I can setup a small test environment for producing a full stacktrace without inflecting our production environment but I hope, my further information help.
https://bugs.openldap.org/show_bug.cgi?id=10087
--- Comment #3 from Quanah Gibson-Mount quanah@openldap.org --- Were you ever able to reproduce and get a valid stack trace?
https://bugs.openldap.org/show_bug.cgi?id=10087
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |RESOLVED Keywords|needs_review | Resolution|--- |FEEDBACK
https://bugs.openldap.org/show_bug.cgi?id=10087
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Resolution|FEEDBACK |SUSPENDED
--- Comment #4 from Quanah Gibson-Mount quanah@openldap.org --- suspending until further information can be provided.
-
openldap-its@openldap.org