https://bugs.openldap.org/show_bug.cgi?id=9820
Issue ID: 9820
Summary: v2.5 and 2.6 closed (idletimeout) during ldapsearch (work fine with v2.4)
Product: OpenLDAP
Version: 2.6.1
Hardware: x86_64
OS: Linux
Status: UNCONFIRMED
Keywords: needs_review
Severity: normal
Priority: ---
Component: slapd
Assignee: bugs@openldap.org
Reporter: jlbs.gregoire@gmail.com
Target Milestone: ---
Hello,
Please excuse me for my bad English.
Is there a bug with openldap 2.5 and 2.6? When I launch an ldapsearch on the whole directory, the connection is abruptly cut during the search (same problem with syncrepl). All works fine with openldap 2.4.48 and 2.4.59.
Tested on Debian 10 buster and openssl 1.1.1n (also tested with openssl 1.1.1d and 1.1.1k). The directory contains over one million entries.
OpenLDAP 2.6.1 compiled with the following options:
./configure --prefix=/opt/openldap-2.6.1 --disable-ipv6 --enable-debug --enable-syslog --enable-slapd --enable-cleartext --enable-crypt --enable-wrappers --enable-backends=no --enable-mdb --enable-overlays --with-tls

/opt/openldap-2.6.1/bin/ldapsearch -x -D cn=manager,dc=societe,dc=com -w 'password'
...
# numResponses: 50146
# numEntries: 50146
ldap_result: Can't contact LDAP server (-1)

Apr 8 21:28:37 debian slapd[20880]: @(#) $OpenLDAP: slapd 2.6.1 (Apr 8 2022 20:34:26) $#012#011root@debian:/opt/src/openldap-2.6.1/servers/slapd
Apr 8 21:28:37 debian slapd[20881]: slapd starting
Apr 8 21:29:12 debian slapd[20881]: conn=1000 fd=11 ACCEPT from PATH=/opt/openldap-2.6.1/var/run/ldapi (PATH=/opt/openldap-2.6.1/var/run/ldapi)
Apr 8 21:29:12 debian slapd[20881]: conn=1000 op=0 BIND dn="cn=manager,dc=societe,dc=com" method=128
Apr 8 21:29:12 debian slapd[20881]: conn=1000 op=0 BIND dn="cn=manager,dc=societe,dc=com" mech=SIMPLE bind_ssf=0 ssf=71
Apr 8 21:29:12 debian slapd[20881]: conn=1000 op=0 RESULT tag=97 err=0 qtime=0.000005 etime=0.000041 text=
Apr 8 21:29:12 debian slapd[20881]: conn=1000 op=1 SRCH base="dc=societe,dc=com" scope=2 deref=0 filter="(objectClass=*)"
Apr 8 21:29:57 debian slapd[20881]: conn=1000 fd=11 closed (idletimeout)
OpenLDAP 2.5.11 compiled with the following options:
./configure --prefix=/opt/openldap-2.5.11 --disable-ipv6 --enable-debug --enable-syslog --enable-slapd --enable-cleartext --enable-crypt --enable-wrappers --enable-backends=no --enable-mdb --enable-overlays --with-tls

/opt/openldap-2.5.11/bin/ldapsearch -x -D cn=manager,dc=societe,dc=com -w 'password'
...
# numResponses: 44638
# numEntries: 44638
ldap_result: Can't contact LDAP server (-1)

Apr 8 21:44:18 debian slapd[21063]: @(#) $OpenLDAP: slapd 2.5.11 (Apr 8 2022 20:55:50) $#012#011root@debian:/opt/src/openldap-2.5.11/servers/slapd
Apr 8 21:44:18 debian slapd[21064]: slapd starting
Apr 8 21:44:45 debian slapd[21064]: conn=1000 fd=11 ACCEPT from PATH=/opt/openldap-2.5.11/var/run/ldapi (PATH=/opt/openldap-2.5.11/var/run/ldapi)
Apr 8 21:44:45 debian slapd[21064]: conn=1000 op=0 BIND dn="cn=manager,dc=societe,dc=com" method=128
Apr 8 21:44:45 debian slapd[21064]: conn=1000 op=0 BIND dn="cn=manager,dc=societe,dc=com" mech=SIMPLE bind_ssf=0 ssf=71
Apr 8 21:44:45 debian slapd[21064]: conn=1000 op=0 RESULT tag=97 err=0 qtime=0.000006 etime=0.000045 text=
Apr 8 21:44:45 debian slapd[21064]: conn=1000 op=1 SRCH base="dc=societe,dc=com" scope=2 deref=0 filter="(objectClass=*)"
Apr 8 21:45:30 debian slapd[21064]: conn=1000 fd=11 closed (idletimeout)
OpenLDAP 2.4.59 compiled with the following options:
./configure --prefix=/opt/openldap-2.4.59 --disable-ipv6 --enable-debug --enable-syslog --enable-slapd --enable-cleartext --enable-crypt --enable-wrappers --enable-backends=no --enable-mdb --enable-overlays --with-tls

/opt/openldap-2.4.59/bin/ldapsearch -x -D cn=manager,dc=societe,dc=com -w 'password'

Apr 8 21:53:22 debian slapd[17963]: @(#) $OpenLDAP: slapd 2.4.59 (Apr 8 2022 21:51:41) $#012#011root@debian:/opt/src/openldap-2.4.59/servers/slapd
Apr 8 21:53:22 debian slapd[17964]: slapd starting
Apr 8 21:53:54 debian slapd[17964]: conn=1000 fd=11 ACCEPT from PATH=/opt/openldap-2.4.59/var/run/ldapi (PATH=/opt/openldap-2.4.59/var/run/ldapi)
Apr 8 21:53:54 debian slapd[17964]: conn=1000 op=0 BIND dn="cn=manager,dc=societe,dc=com" method=128
Apr 8 21:53:54 debian slapd[17964]: conn=1000 op=0 BIND dn="cn=manager,dc=societe,dc=com" mech=SIMPLE ssf=0
Apr 8 21:53:54 debian slapd[17964]: conn=1000 op=0 RESULT tag=97 err=0 text=
Apr 8 21:53:54 debian slapd[17964]: conn=1000 op=1 SRCH base="dc=societe,dc=com" scope=2 deref=0 filter="(objectClass=*)"
Apr 8 22:06:02 debian slapd[17964]: conn=1000 op=1 SEARCH RESULT tag=101 err=0 nentries=1021397 text=
Apr 8 22:06:02 debian slapd[17964]: conn=1000 op=2 UNBIND
Apr 8 22:06:02 debian slapd[17964]: conn=1000 fd=11 closed
OpenLDAP 2.4.48 compiled with the following options:
./configure --prefix=/opt/openldap-2.4.48 --disable-ipv6 --enable-debug --enable-syslog --enable-slapd --enable-cleartext --enable-crypt --enable-wrappers --enable-backends=no --enable-mdb --enable-overlays --with-tls

/opt/openldap-2.4.48/bin/ldapsearch -x -D cn=manager,dc=societe,dc=com -w 'password'

Apr 8 21:30:44 debian slapd[20942]: @(#) $OpenLDAP: slapd 2.4.48 (Apr 8 2022 20:58:01) $#012#011root@debian:/opt/src/openldap-2.4.48/servers/slapd
Apr 8 21:30:44 debian slapd[20943]: slapd starting
Apr 8 21:31:05 debian slapd[20943]: conn=1000 fd=11 ACCEPT from PATH=/opt/openldap-2.4.48/var/run/ldapi (PATH=/opt/openldap-2.4.48/var/run/ldapi)
Apr 8 21:31:05 debian slapd[20943]: conn=1000 op=0 BIND dn="cn=manager,dc=societe,dc=com" method=128
Apr 8 21:31:05 debian slapd[20943]: conn=1000 op=0 BIND dn="cn=manager,dc=societe,dc=com" mech=SIMPLE ssf=0
Apr 8 21:31:05 debian slapd[20943]: conn=1000 op=0 RESULT tag=97 err=0 text=
Apr 8 21:31:05 debian slapd[20943]: conn=1000 op=1 SRCH base="dc=societe,dc=com" scope=2 deref=0 filter="(objectClass=*)"
Apr 8 21:43:15 debian slapd[20943]: conn=1000 op=1 SEARCH RESULT tag=101 err=0 nentries=1021397 text=
Apr 8 21:43:15 debian slapd[20943]: conn=1000 op=2 UNBIND
Apr 8 21:43:15 debian slapd[20943]: conn=1000 fd=11 closed
Content of slapd.conf:

pidfile /opt/openldap/var/run/slapd.pid
argsfile /opt/openldap/var/run/slapd.args
tool-threads 2
require ldapv3 authc
disallow bind_anon
loglevel stats
modulepath /opt/openldap/libexec/openldap
moduleload back_mdb
moduleload syncprov
include /opt/openldap/etc/openldap/schema/core.schema
include /opt/openldap/etc/openldap/schema/cosine.schema
include /opt/openldap/etc/openldap/schema/inetorgperson.schema
include /opt/openldap/etc/openldap/schema/dyngroup_cgi.schema
include /opt/openldap/etc/openldap/schema/qmail_cgi.schema

defaultsearchbase "dc=societe,dc=com"

backend mdb
database mdb
directory "/ldap/base-ldap"
suffix "dc=societe,dc=com"
rootdn "cn=manager,dc=societe,dc=com"
rootpw password
maxsize 12884901888
mode 600
checkpoint 10240 2
dbnosync
lastmod on

include /opt/openldap/etc/openldap/acl.conf

idletimeout 120
reverse-lookup off
sizelimit 100
timelimit unlimited

include /opt/openldap/etc/openldap/index.conf
index_substr_if_minlen 2
index_substr_if_maxlen 4
index_substr_any_len 4
index_substr_any_step 2
When I set loglevel -1 it works correctly (but generates a huge log file). It's very strange.
If you need any further information, feel free to contact me.
Jean-Loup Gregoire
--- Comment #1 from Jean-Loup Gregoire jlbs.gregoire@gmail.com ---
Hello,
A few more elements,
When redirecting the search result to a file, the connection is not broken during the search (except if you activate debugging on ldapsearch).

ex:
/opt/openldap-2.6.1/bin/ldapsearch -x -D cn=manager,dc=societe,dc=com -w 'password' > test.ldif => OK
/opt/openldap-2.6.1/bin/ldapsearch -x -D cn=manager,dc=societe,dc=com -w 'password' > /dev/null => OK
/opt/openldap-2.6.1/bin/ldapsearch -x -D cn=manager,dc=societe,dc=com -w 'password' => KO
/opt/openldap-2.6.1/bin/ldapsearch -x -d -1 -D cn=manager,dc=societe,dc=com -w 'password' => KO
Here is the result of a test with the debug activated on the client side:
/opt/openldap-2.6.1/bin/ldapsearch -x -d -1 -D cn=manager,dc=societe,dc=com -w 'password'
ldapsearch result:
...
ldap_get_attribute_ber
ldap_msgfree
ldap_result ld 0x556c377e8d20 msgid -1
wait4msg ld 0x556c377e8d20 msgid -1 (infinite timeout)
wait4msg continue ld 0x556c377e8d20 msgid -1 all 0
** ld 0x556c377e8d20 Connections:
* host: /opt/openldap/var/run/ldapi port: 0 (default)
* from: PATH= refcnt: 2 status: Connected
last used: Mon Apr 11 12:33:57 2022

** ld 0x556c377e8d20 Outstanding Requests:
* msgid 2, origid 2, status InProgress
outstanding referrals 0, parent count 0
ld 0x556c377e8d20 request count 1 (abandoned 0)
** ld 0x556c377e8d20 Response Queue:
Empty
ld 0x556c377e8d20 response count 0
ldap_chkResponseList ld 0x556c377e8d20 msgid -1 all 0
ldap_chkResponseList returns ld 0x556c377e8d20 NULL
ldap_int_select
read1msg: ld 0x556c377e8d20 msgid -1 all 0
ber_get_next
ldap_read: want=8, got=0

ber_get_next failed, errno=0.
ldap_msgfree

# numResponses: 1847
# numEntries: 1847
ldap_err2string
ldap_result: Can't contact LDAP server (-1)
ldap_do_free_request: asked to free lr 0x556c377eb360 msgid 2 refcnt 0
ldap_free_connection 1 1
ldap_free_connection: actually freed

content of openldap.log:
Apr 11 12:33:57 debian slapd[29476]: conn=1687 fd=18 ACCEPT from PATH=/opt/openldap-2.6.1/var/run/ldapi (PATH=/opt/openldap-2.6.1/var/run/ldapi)
Apr 11 12:33:57 debian slapd[29476]: conn=1687 op=0 BIND dn="cn=manager,dc=societe,dc=com" method=128
Apr 11 12:33:57 debian slapd[29476]: conn=1687 op=0 BIND dn="cn=manager,dc=societe,dc=com" mech=SIMPLE bind_ssf=0 ssf=71
Apr 11 12:33:57 debian slapd[29476]: conn=1687 op=0 RESULT tag=97 err=0 qtime=0.000013 etime=0.000270 text=
Apr 11 12:33:57 debian slapd[29476]: conn=1687 op=1 SRCH base="dc=societe,dc=com" scope=2 deref=0 filter="(objectClass=*)"
Apr 11 12:34:35 debian slapd[29476]: conn=1687 fd=18 closed (idletimeout)
The problem also occurs for syncrepl. If we load an LDIF on the client before startup, it manages to take the updates from the master, but if we start the client empty (to load from its master), connection failures occur.
Regards
Jean-Loup
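The failure described in this ticket leaves a clear signature in the loglevel "stats" output quoted above: a connection logs an op=N SRCH and is then closed (idletimeout) before any SEARCH RESULT for that op appears. The following Python is an added example, not code from the ticket or from the OpenLDAP project. It tracks each connection's unanswered operations and reports only those idletimeout closes that happened while an op was still running; the ordinary case, where idletimeout closes a connection with nothing outstanding, is left alone. The sample log lines, connection numbers and the 192.0.2.10 address are constructed to match the format of the logs in the ticket.

```python
"""Detect slapd connections closed by idletimeout while an operation was still in progress.

Added example for ITS#9820, not OpenLDAP project code. It consumes loglevel "stats"
lines as slapd writes them to syslog and reports every connection whose
"closed (idletimeout)" line arrived while an op (SRCH, BIND, ...) had been logged
but its RESULT / SEARCH RESULT line had not.
"""
import re
from datetime import datetime

# Constructed sample input, modelled on the syslog lines quoted in the ticket.
# conn=1000: cut by idletimeout 45 s into a still-running SRCH  -> reported
# conn=1001: search finished, client unbound, normal close      -> not reported
# conn=1002: idle after BIND, closed by idletimeout, no op open -> not reported
SAMPLE_LOG = """\
Apr 8 21:29:12 debian slapd[20881]: conn=1000 fd=11 ACCEPT from PATH=/opt/openldap-2.6.1/var/run/ldapi (PATH=/opt/openldap-2.6.1/var/run/ldapi)
Apr 8 21:29:12 debian slapd[20881]: conn=1000 op=0 BIND dn="cn=manager,dc=societe,dc=com" method=128
Apr 8 21:29:12 debian slapd[20881]: conn=1000 op=0 BIND dn="cn=manager,dc=societe,dc=com" mech=SIMPLE bind_ssf=0 ssf=71
Apr 8 21:29:12 debian slapd[20881]: conn=1000 op=0 RESULT tag=97 err=0 qtime=0.000005 etime=0.000041 text=
Apr 8 21:29:12 debian slapd[20881]: conn=1000 op=1 SRCH base="dc=societe,dc=com" scope=2 deref=0 filter="(objectClass=*)"
Apr 8 21:29:57 debian slapd[20881]: conn=1000 fd=11 closed (idletimeout)
Apr 8 21:31:05 debian slapd[20881]: conn=1001 fd=12 ACCEPT from PATH=/opt/openldap-2.6.1/var/run/ldapi (PATH=/opt/openldap-2.6.1/var/run/ldapi)
Apr 8 21:31:05 debian slapd[20881]: conn=1001 op=0 BIND dn="cn=manager,dc=societe,dc=com" method=128
Apr 8 21:31:05 debian slapd[20881]: conn=1001 op=0 RESULT tag=97 err=0 text=
Apr 8 21:31:05 debian slapd[20881]: conn=1001 op=1 SRCH base="dc=societe,dc=com" scope=2 deref=0 filter="(objectClass=*)"
Apr 8 21:43:15 debian slapd[20881]: conn=1001 op=1 SEARCH RESULT tag=101 err=0 nentries=1021397 text=
Apr 8 21:43:15 debian slapd[20881]: conn=1001 op=2 UNBIND
Apr 8 21:43:15 debian slapd[20881]: conn=1001 fd=12 closed
Apr 8 21:50:00 debian slapd[20881]: conn=1002 fd=13 ACCEPT from IP=192.0.2.10:40000 (IP=0.0.0.0:389)
Apr 8 21:50:00 debian slapd[20881]: conn=1002 op=0 BIND dn="cn=manager,dc=societe,dc=com" method=128
Apr 8 21:50:00 debian slapd[20881]: conn=1002 op=0 RESULT tag=97 err=0 text=
Apr 8 21:52:01 debian slapd[20881]: conn=1002 fd=13 closed (idletimeout)
"""

TS_RE = re.compile(r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) ")
CONN_RE = re.compile(r" conn=(?P<conn>\d+) ")
# Operation names as slapd logs them at stats level; SRCH and BIND are the ones seen in the ticket.
# UNBIND and ABANDON never get a RESULT line, so they are deliberately not tracked.
OP_START_RE = re.compile(r" op=(?P<op>\d+) (?P<kind>SRCH|BIND|ADD|MOD|MODRDN|DEL|CMP|EXT)\b")
OP_END_RE = re.compile(r" op=(?P<op>\d+) (?:SEARCH )?RESULT\b")
CLOSE_RE = re.compile(r" fd=\d+ closed(?: \((?P<reason>[^)]+)\))?\s*$")


def _timestamp(line):
    """Parse the syslog prefix; it has no year, so differences are only meaningful within a day."""
    m = TS_RE.match(line)
    if not m:
        return None
    return datetime.strptime("%s %s %s" % (m["mon"], m["day"], m["time"]), "%b %d %H:%M:%S")


def find_idle_closes_with_pending_ops(log_text):
    """Return one finding per connection closed with reason 'idletimeout'
    while at least one op had started but had not yet logged its RESULT."""
    pending = {}  # conn -> {op: (kind, start timestamp)}
    findings = []
    for line in log_text.splitlines():
        c = CONN_RE.search(line)
        if not c:
            continue  # version banner, "slapd starting", etc.
        conn = c["conn"]
        ts = _timestamp(line)
        start = OP_START_RE.search(line)
        if start:
            # slapd logs BIND twice for one op (method=..., then mech=...); overwriting is fine.
            pending.setdefault(conn, {})[start["op"]] = (start["kind"], ts)
            continue
        end = OP_END_RE.search(line)
        if end:
            pending.get(conn, {}).pop(end["op"], None)
            continue
        close = CLOSE_RE.search(line)
        if close:
            open_ops = pending.pop(conn, {})
            if close["reason"] == "idletimeout" and open_ops:
                findings.append({
                    "conn": conn,
                    "closed_at": ts.strftime("%H:%M:%S") if ts else None,
                    "pending": [
                        {
                            "op": op,
                            "kind": kind,
                            "running_for_s": int((ts - t0).total_seconds()) if ts and t0 else None,
                        }
                        for op, (kind, t0) in sorted(open_ops.items(), key=lambda kv: int(kv[0]))
                    ],
                })
    return findings


if __name__ == "__main__":
    for f in find_idle_closes_with_pending_ops(SAMPLE_LOG):
        ops = ", ".join("op=%s %s (%ss in)" % (p["op"], p["kind"], p["running_for_s"]) for p in f["pending"])
        print("conn=%s closed (idletimeout) at %s with unanswered: %s" % (f["conn"], f["closed_at"], ops))
```

Run against a syslog file instead of SAMPLE_LOG, this turns the symptom into something an operator can alert on from the server side, without waiting for a client to report "Can't contact LDAP server". In the logs quoted above the close follows the SRCH line by only 45 seconds, well under the configured idletimeout 120, which is itself worth noticing when reading such a finding.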
--- Comment #2 from Howard Chu hyc@openldap.org ---
Created attachment 890
--> https://bugs.openldap.org/attachment.cgi?id=890&action=edit
possible fix
Please test this patch, thanks.
Jean-Loup Gregoire jlbs.gregoire@gmail.com changed:
           What    |Removed     |Added
----------------------------------------------------------------------------
         Resolution|---         |FIXED
             Status|UNCONFIRMED |RESOLVED
--- Comment #3 from Jean-Loup Gregoire jlbs.gregoire@gmail.com ---
Thanks Howard, it works perfectly! (tested in v2.5.11 and v2.6.1)
Quanah Gibson-Mount quanah@openldap.org changed:
           What    |Removed     |Added
----------------------------------------------------------------------------
             Status|RESOLVED    |UNCONFIRMED
         Resolution|FIXED       |---
--- Comment #4 from Quanah Gibson-Mount quanah@openldap.org ---
(In reply to Jean-Loup Gregoire from comment #3)
> Thanks Howard, it works perfectly! (tested in v2.5.11 and v2.6.1)

Thanks for the confirmation. Is there any credit you want for the CVE information?
--- Comment #5 from Quanah Gibson-Mount quanah@openldap.org ---
(In reply to Quanah Gibson-Mount from comment #4)
> (In reply to Jean-Loup Gregoire from comment #3)
> > Thanks Howard, it works perfectly! (tested in v2.5.11 and v2.6.1)

Never mind, wrong ticket.
Quanah Gibson-Mount quanah@openldap.org changed:
           What    |Removed                                                                  |Added
----------------------------------------------------------------------------
            Summary|v2.5 and 2.6 closed (idletimeout) during ldapsearch (work fine with v2.4)|ldapsearch closes with idletimeout during active search
Quanah Gibson-Mount quanah@openldap.org changed:
           What    |Removed           |Added
----------------------------------------------------------------------------
           Assignee|bugs@openldap.org |hyc@openldap.org
Quanah Gibson-Mount quanah@openldap.org changed:
           What    |Removed      |Added
----------------------------------------------------------------------------
           Keywords|needs_review |
   Target Milestone|---          |2.5.12
Quanah Gibson-Mount quanah@openldap.org changed:
           What    |Removed     |Added
----------------------------------------------------------------------------
     Ever confirmed|0           |1
             Status|UNCONFIRMED |IN_PROGRESS
--- Comment #6 from Quanah Gibson-Mount quanah@openldap.org ---
Merge Request: https://git.openldap.org/openldap/openldap/-/merge_requests/514
Quanah Gibson-Mount quanah@openldap.org changed:
           What    |Removed     |Added
----------------------------------------------------------------------------
         Resolution|---         |FIXED
             Status|IN_PROGRESS |RESOLVED

--- Comment #7 from Quanah Gibson-Mount quanah@openldap.org ---
RE26:
• 2dea513c by Howard Chu at 2022-04-27T15:47:49+00:00 ITS#9820 fix writewait/idletimeout interaction
RE25:
• 48039c00 by Howard Chu at 2022-04-27T15:48:37+00:00 ITS#9820 fix writewait/idletimeout interaction
Quanah Gibson-Mount quanah@openldap.org changed:
           What    |Removed     |Added
----------------------------------------------------------------------------
             Status|RESOLVED    |VERIFIED