Full_Name: Benjamin Dauvergne Version: 2.4.40 OS: Debian URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (82.242.47.212)

I had configured an mdb backend with a unique overlay configured like this:

add olcOverlay={4}unique,olcDatabase={2}mdb,cn=config objectClass: olcOverlayConfig objectClass: olcUniqueConfig olcOverlay: {4}unique olcUniqueURI: ldap://?supannAutreMail?sub

When trying to add the first non root-entry of new DB openldap freeze and takes 100% CPU. After activating loglevel 255 I saw that it was looping inside mdb_search() logging 'scope not okay' with an increasing integer value in front.

The problem here is that le LDAP URI is missing a third 'slash' which should separate the missing hostname part from the base DN parameter. The RFC 2255 grammar seem to imply that the third slash is mandatory if there are other parameters after it. I think OpenLDAP should have complained about the malformed olcUniqueURI value, not accept it blindly and fail by entering an infinite loop.

Overlay configuration that is working:

add olcOverlay={4}unique,olcDatabase={2}mdb,cn=config objectClass: olcOverlayConfig objectClass: olcUniqueConfig olcOverlay: {4}unique olcUniqueURI: ldap:///?supannAutreMail?sub