openldap-software June 2008

openldap-software@openldap.org

62 participants
64 discussions

ldap_bind: Can't contact LDAP server(multithreaded ldap client)
by Rakesh Yadav 02 Jun '08

02 Jun '08

Hi, I m using openldap-2.3.38 over linux platform. I have written a library using LDAP client API's according to my requirement. I m having RPC clients and a RPC server. This RPC server is multithreaded and uses the library which is written using LDAP client api. The problem is : 1. I have open a single connection with LDAP server and passed the global LDAP * ptr to all my library calls, And i sended a search request from rpc client in a loop, it works and gives the result but as i run second request for reading data from rpc server then i get error from LDAP server "*Broken pipe*". 2. Then i have decided i will use seprate connection with LDAP for each thread and use a local LDAP *ptr for thread. This time multiple requests from rpc client works for 2-3 minutes after that it also gives error. "*ldap_bind :Can't contact LDAP server*" In this case i opened and closed a connection with LDAP server for each thread. Please suggest me some solution for handling multiple threads with LDAP client API. In case of Solaris i got a sample for handling multiple threads with LDAP client api's. But this solution doesn't work over Linux. Please give me some solution. Thanks

3 2

slapd 2.4.7-2.4.9 segfaults with some specific search
by Piotr Wadas 02 Jun '08

02 Jun '08

Hello, I build openldap 2.4.7 a few weeks ago, and 2.4.9 yesterday, with 2.4.7 and 2.4.9, without any my patches, just a clean build. After adding my custom schema, uploading my data from production version, and indexing, I still have it crash with some specific search - I was hoping 2.4.9 have this resolved, seems not, so posting this. I distracted example search which always causes segfault, each time, 100% reproductible. Have nice reading.. :) I'd be glad to report I replaced my production with 2.4.x series, thanx upwards for any hint :) Should I perform some gdb-enabled build, and post some core? I'm currently ahead to do this. Details: ============== ============== slapd.conf: include /etc/ldap/schema/core.schema include /etc/ldap/schema/cosine.schema include /etc/ldap/schema/nis.schema include /etc/ldap/schema/inetorgperson.schema include /etc/ldap/schema/dnsdomain2.schema include /etc/ldap/schema/sendmail.pw.schema include /etc/ldap/schema/misc.schema include /etc/ldap/schema/ISPEnv2.schema include /etc/ldap/schema/mod_vhost_ldap.schema include /etc/ldap/schema/local.schema include /etc/ldap/schema/hpl.schema include /etc/ldap/schema/apache_ext.schema include /etc/ldap/schema/apache_alias.schema include /etc/ldap/schema/autofs.schema pidfile /var/run/slapd/slapd.pid argsfile /var/run/slapd/slapd.args modulepath /usr/lib/ldap moduleload back_bdb backend bdb loglevel 0 database bdb cachesize 300000 concurrency 256 threads 32 lastmod on suffix "dc=ROOT" checkpoint 128 60 directory "/var/lib/ldap" sizelimit unlimited timelimit 16 include /etc/ldap/indexes rootdn "cn=Directory Manager,dc=ROOT" access to * by dn="cn=Read Only,dc=ROOT" read by * auth access to attrs=userPassword by anonymous auth by self write by * auth access to dn.base="dc=ROOT" by * auth access to dn.base="" by * auth ============== ============== /var/lib/ldap/DB_CONFIG is as follows: set_cachesize 0 2097152 0 set_lg_regionmax 1048576 set_lg_max 1048576 set_lk_max_objects 5000 set_lk_max_locks 5000 set_lk_max_lockers 5000 ============== ============== the database is loaded with slapadd (no -q) just before search, and after indexing, with or without any changes before fatal search slapd is started as follows: root@gnp34:~# slaptest config file testing succeeded root@gnp34:~# slapd -u root -g root \ -h ldap://192.168.0.221:389/ ldapi:/// \ -d $((1+2+4+8+16+32+64+128+256+512+1024+2048+4096+8192+16384)) ============== ============== the search parameters are: root@gnp34:~# ldapsearch -vvv -xh 192.168.0.221 \ -WD "cn=Directory Manager,dc=ROOT" -b "dc=dns,dc=nameservers,dc=ROOT" '(&(objectClass=dNSDomain)(associatedDomain=*fakedomain.com)(customerID=10125)(SOARecord=*)(NSRecord=*)(topLevelDomain=TRUE))' ldap_initialize( ldap://192.168.0.221 ) Enter LDAP Password: # extended LDIF # # LDAPv3 # base <dc=dns,dc=nameservers,dc=ROOT> with scope subtree # filter: (&(objectClass=dNSDomain)(associatedDomain=*fakedomain.com)(customerID=10125)(SOARecord=*)(NSRecord=*)(topLevelDomain=TRUE)) # requesting: ALL # ldap_result: Can't contact LDAP server (-1) ================================================================== The same search on 2.3.x (production, old stable) with the same data, same indexing, same DB_CONFIG etc. returns the following object: (all my custom attributes are SUP of some standard text/bool attrs, no custom syntaxes nor other advanced customizing ) # fakedomain.com.dns.nameservers.ROOT dn: dc=fakedomain.com,dc=dns,dc=nameservers,dc=ROOT objectClass: top objectClass: dNSDomain objectClass: domainRelatedObject objectClass: managedAccessObject associatedDomain: fakedomain.com dc: fakedomain.com aRecord: AA.BB.CC.DD nSRecord: ns0.otherfakedomain.com nSRecord: ns1.otherfakedomain.com sOARecord: ns0.otherfakedomain.com hostmaster.otherfakedomain.com 2008011307 300 150 2592000 300 mXRecord: 10 mx10.fakedomain.com mXRecord: 20 mx20.fakedomain.com mXRecord: 30 mx10.otherfakedomain.com mXRecord: 40 mx20.otherfakedomain.com customerID: 10125 topLevelDomain: TRUE isActive: TRUE isBlocked: FALSE # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 ==================== ==================== build configuration is: --prefix=/usr --libexecdir='${prefix}/lib' --sysconfdir=/etc --localstatedir=/var --mandir='${prefix}/share/man' --enable-debug --enable-dynamic --enable-syslog --enable-proctitle --enable-ipv6 --enable-local --enable-slapd --enable-aci --enable-cleartext --enable-crypt --disable-lmpasswd --enable-spasswd --enable-modules --enable-rewrite --enable-rlookups --enable-slapi --enable-slp --enable-wrappers --enable-backends=mod --enable-ldbm=no --enable-overlays=mod --with-subdir=ldap --with-cyrus-sasl --with-threads --with-tls=gnutls --with-odbc=unixodbc ==================== ==================== and finally debug log collected contains (1000+ lines of initialization skipped ) as follows: slapd starting daemon: added 4r listener=(nil) daemon: added 7r listener=0x8199078 daemon: epoll: listen=7 active_threads=0 tvp=zero daemon: activity on 1 descriptor daemon: activity on: daemon: epoll: listen=7 active_threads=0 tvp=zero daemon: activity on 1 descriptor daemon: activity on: slap_listener_activate(7): daemon: epoll: listen=7 busy >>> slap_listener(ldap://192.168.0.221:389/) daemon: listen=7, new connection on 12 daemon: activity on 1 descriptor daemon: activity on: daemon: epoll: listen=7 active_threads=0 tvp=zero daemon: added 12r (active) listener=(nil) daemon: activity on 1 descriptor conn=0 fd=12 ACCEPT from IP=XX.YY.ZZ.MM:53598 (IP=192.168.0.221:389) daemon: activity on: 12r daemon: read active on 12 connection_get(12) daemon: epoll: listen=7 active_threads=0 tvp=zero daemon: activity on 1 descriptor daemon: activity on: daemon: epoll: listen=7 active_threads=0 tvp=zero connection_get(12): got connid=0 connection_read(12): checking for input on id=0 ber_get_next ldap_read: want=8, got=8 0000: 30 30 02 01 01 60 2b 02 00...`+. ldap_read: want=42, got=42 0000: 01 03 04 1c 63 6e 3d 44 69 72 65 63 74 6f 72 79 ....cn=Directory 0010: 20 4d 61 6e 61 67 65 72 2c 64 63 3d 52 4f 4f 54 Manager,dc=ROOT 0020: 80 08 6b 7a 64 70 6d 31 6f 75 ..SECRET ber_get_next: tag 0x30 len 48 contents: ber_dump: buf=0x8263190 ptr=0x8263190 end=0x82631c0 len=48 0000: 02 01 01 60 2b 02 01 03 04 1c 63 6e 3d 44 69 72 ...`+.....cn=Dir 0010: 65 63 74 6f 72 79 20 4d 61 6e 61 67 65 72 2c 64 ectory Manager,d 0020: 63 3d 52 4f 4f 54 80 08 6b 7a 64 70 6d 31 6f 75 c=ROOT..SECRET ber_get_next ldap_read: want=8 error=Resource temporarily unavailable daemon: activity on 1 descriptor daemon: activity on: daemon: epoll: listen=7 active_threads=0 tvp=zero conn=0 op=0 do_bind ber_scanf fmt ({imt) ber: ber_dump: buf=0x8263190 ptr=0x8263193 end=0x82631c0 len=45 0000: 60 2b 02 01 03 04 1c 63 6e 3d 44 69 72 65 63 74 `+.....cn=Direct 0010: 6f 72 79 20 4d 61 6e 61 67 65 72 2c 64 63 3d 52 ory Manager,dc=R 0020: 4f 4f 54 80 08 6b 7a 64 70 6d 31 6f 75 OOT..SECRET ber_scanf fmt (m}) ber: ber_dump: buf=0x8263190 ptr=0x82631b6 end=0x82631c0 len=10 0000: 00 08 6b 7a 64 70 6d 31 6f 75 ..SECRET >>> dnPrettyNormal: <cn=Directory Manager,dc=ROOT> => ldap_bv2dn(cn=Directory Manager,dc=ROOT,0) <= ldap_bv2dn(cn=Directory Manager,dc=ROOT)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=Directory Manager,dc=ROOT)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=directory manager,dc=root)=0 <<< dnPrettyNormal: <cn=Directory Manager,dc=ROOT>, <cn=directory manager,dc=root> conn=0 op=0 BIND dn="cn=Directory Manager,dc=ROOT" method=128 do_bind: version=3 dn="cn=Directory Manager,dc=ROOT" method=128 ==> bdb_bind: dn: cn=Directory Manager,dc=ROOT bdb_dn2entry("cn=directory manager,dc=root") => bdb_dn2id("dc=root") <= bdb_dn2id: got id=0x1 => bdb_dn2id("cn=directory manager,dc=root") <= bdb_dn2id: got id=0x2 entry_decode: "cn=Directory Manager,dc=ROOT" <= entry_decode(cn=Directory Manager,dc=ROOT) => access_allowed: auth access to "cn=Directory Manager,dc=ROOT" "userPassword" requested => acl_get: [1] attr userPassword => slap_access_allowed: result not in cache (userPassword) => acl_mask: access to entry "cn=Directory Manager,dc=ROOT", attr "userPassword" requested => acl_mask: to value by "", (=0) <= check a_dn_pat: cn=nobody,dc=root <= check a_dn_pat: * <= acl_mask: [2] applying auth(=xd) (stop) <= acl_mask: [2] mask: auth(=xd) => slap_access_allowed: auth access granted by auth(=xd) => access_allowed: auth access granted by auth(=xd) conn=0 op=0 BIND dn="cn=Directory Manager,dc=ROOT" mech=SIMPLE ssf=0 do_bind: v3 bind: "cn=Directory Manager,dc=ROOT" to "cn=Directory Manager,dc=ROOT" send_ldap_result: conn=0 op=0 p=3 send_ldap_result: err=0 matched="" text="" send_ldap_response: msgid=1 tag=97 err=0 ber_flush2: 14 bytes to sd 12 0000: 30 0c 02 01 01 61 07 0a 01 00 04 00 04 00 0....a........ daemon: activity on 1 descriptor daemon: activity on: 12r daemon: read active on 12 daemon: epoll: listen=7 active_threads=0 tvp=zero ldap_write: want=14, written=14 0000: 30 0c 02 01 01 61 07 0a 01 00 04 00 04 00 0....a........ conn=0 op=0 RESULT tag=97 err=0 text= connection_get(12) connection_get(12): got connid=0 connection_read(12): checking for input on id=0 ber_get_next ldap_read: want=8, got=8 0000: 30 81 b7 02 01 02 63 81 0.....c. ldap_read: want=178, got=178 0000: b1 04 1d 64 63 3d 64 6e 73 2c 64 63 3d 6e 61 6d ...dc=dns,dc=nam 0010: 65 73 65 72 76 65 72 73 2c 64 63 3d 52 4f 4f 54 eservers,dc=ROOT 0020: 0a 01 02 0a 01 03 02 01 00 02 01 00 01 01 00 a0 ................ 0030: 7f a3 18 04 0b 6f 62 6a 65 63 74 43 6c 61 73 73 .....objectClass 0040: 04 09 64 4e 53 44 6f 6d 61 69 6e a4 21 04 10 61 ..dNSDomain.!..a 0050: 73 73 6f 63 69 61 74 65 64 44 6f 6d 61 69 6e 30 ssociatedDomain0 0060: 0d 82 0b 63 6f 72 73 61 72 69 6f 2e 70 6c a3 13 ...fakedomain.com.. 0070: 04 0a 63 75 73 74 6f 6d 65 72 49 44 04 05 31 30 ..customerID..10 0080: 31 32 35 87 09 53 4f 41 52 65 63 6f 72 64 87 08 125..SOARecord.. 0090: 4e 53 52 65 63 6f 72 64 a3 16 04 0e 74 6f 70 4c NSRecord....topL 00a0: 65 76 65 6c 44 6f 6d 61 69 6e 04 04 54 52 55 45 evelDomain..TRUE 00b0: 30 00 0. ber_get_next: tag 0x30 len 183 contents: ber_dump: buf=0x8273e80 ptr=0x8273e80 end=0x8273f37 len=183 0000: 02 01 02 63 81 b1 04 1d 64 63 3d 64 6e 73 2c 64 ...c....dc=dns,d 0010: 63 3d 6e 61 6d 65 73 65 72 76 65 72 73 2c 64 63 c=nameservers,dc 0020: 3d 52 4f 4f 54 0a 01 02 0a 01 03 02 01 00 02 01 =ROOT........... 0030: 00 01 01 00 a0 7f a3 18 04 0b 6f 62 6a 65 63 74 ..........object 0040: 43 6c 61 73 73 04 09 64 4e 53 44 6f 6d 61 69 6e Class..dNSDomain 0050: a4 21 04 10 61 73 73 6f 63 69 61 74 65 64 44 6f .!..associatedDo 0060: 6d 61 69 6e 30 0d 82 0b 63 6f 72 73 61 72 69 6f main0...corsario 0070: 2e 70 6c a3 13 04 0a 63 75 73 74 6f 6d 65 72 49 .pl....customerI 0080: 44 04 05 31 30 31 32 35 87 09 53 4f 41 52 65 63 D..10125..SOARec 0090: 6f 72 64 87 08 4e 53 52 65 63 6f 72 64 a3 16 04 ord..NSRecord... 00a0: 0e 74 6f 70 4c 65 76 65 6c 44 6f 6d 61 69 6e 04 .topLevelDomain. 00b0: 04 54 52 55 45 30 00 .TRUE0. ber_get_next ldap_read: want=8 error=Resource temporarily unavailable daemon: activity on 1 descriptor daemon: activity on: daemon: epoll: listen=7 active_threads=0 tvp=zero conn=0 op=1 do_search ber_scanf fmt ({miiiib) ber: ber_dump: buf=0x8273e80 ptr=0x8273e83 end=0x8273f37 len=180 0000: 63 81 b1 04 1d 64 63 3d 64 6e 73 2c 64 63 3d 6e c....dc=dns,dc=n 0010: 61 6d 65 73 65 72 76 65 72 73 2c 64 63 3d 52 4f ameservers,dc=RO 0020: 4f 54 0a 01 02 0a 01 03 02 01 00 02 01 00 01 01 OT.............. 0030: 00 a0 7f a3 18 04 0b 6f 62 6a 65 63 74 43 6c 61 .......objectCla 0040: 73 73 04 09 64 4e 53 44 6f 6d 61 69 6e a4 21 04 ss..dNSDomain.!. 0050: 10 61 73 73 6f 63 69 61 74 65 64 44 6f 6d 61 69 .associatedDomai 0060: 6e 30 0d 82 0b 63 6f 72 73 61 72 69 6f 2e 70 6c n0...fakedomain.com 0070: a3 13 04 0a 63 75 73 74 6f 6d 65 72 49 44 04 05 ....customerID.. 0080: 31 30 31 32 35 87 09 53 4f 41 52 65 63 6f 72 64 10125..SOARecord 0090: 87 08 4e 53 52 65 63 6f 72 64 a3 16 04 0e 74 6f ..NSRecord....to 00a0: 70 4c 65 76 65 6c 44 6f 6d 61 69 6e 04 04 54 52 pLevelDomain..TR 00b0: 55 45 30 00 UE0. >>> dnPrettyNormal: <dc=dns,dc=nameservers,dc=ROOT> => ldap_bv2dn(dc=dns,dc=nameservers,dc=ROOT,0) <= ldap_bv2dn(dc=dns,dc=nameservers,dc=ROOT)=0 => ldap_dn2bv(272) <= ldap_dn2bv(dc=dns,dc=nameservers,dc=ROOT)=0 => ldap_dn2bv(272) <= ldap_dn2bv(dc=dns,dc=nameservers,dc=root)=0 <<< dnPrettyNormal: <dc=dns,dc=nameservers,dc=ROOT>, <dc=dns,dc=nameservers,dc=root> SRCH "dc=dns,dc=nameservers,dc=ROOT" 2 3 0 0 0 begin get_filter AND begin get_filter_list begin get_filter EQUALITY ber_scanf fmt ({mm}) ber: ber_dump: buf=0x8273e80 ptr=0x8273eb6 end=0x8273f37 len=129 0000: a3 18 04 0b 6f 62 6a 65 63 74 43 6c 61 73 73 04 ....objectClass. 0010: 09 64 4e 53 44 6f 6d 61 69 6e a4 21 04 10 61 73 .dNSDomain.!..as 0020: 73 6f 63 69 61 74 65 64 44 6f 6d 61 69 6e 30 0d sociatedDomain0. 0030: 82 0b 63 6f 72 73 61 72 69 6f 2e 70 6c a3 13 04 ..fakedomain.com... 0040: 0a 63 75 73 74 6f 6d 65 72 49 44 04 05 31 30 31 .customerID..101 0050: 32 35 87 09 53 4f 41 52 65 63 6f 72 64 87 08 4e 25..SOARecord..N 0060: 53 52 65 63 6f 72 64 a3 16 04 0e 74 6f 70 4c 65 SRecord....topLe 0070: 76 65 6c 44 6f 6d 61 69 6e 04 04 54 52 55 45 30 velDomain..TRUE0 0080: 00 . end get_filter 0 begin get_filter SUBSTRINGS begin get_ssa ber_scanf fmt ({m) ber: ber_dump: buf=0x8273e80 ptr=0x8273ed0 end=0x8273f37 len=103 0000: 00 21 04 10 61 73 73 6f 63 69 61 74 65 64 44 6f .!..associatedDo 0010: 6d 61 69 6e 30 0d 82 0b 63 6f 72 73 61 72 69 6f main0...corsario 0020: 2e 70 6c a3 13 04 0a 63 75 73 74 6f 6d 65 72 49 .pl....customerI 0030: 44 04 05 31 30 31 32 35 87 09 53 4f 41 52 65 63 D..10125..SOARec 0040: 6f 72 64 87 08 4e 53 52 65 63 6f 72 64 a3 16 04 ord..NSRecord... 0050: 0e 74 6f 70 4c 65 76 65 6c 44 6f 6d 61 69 6e 04 .topLevelDomain. 0060: 04 54 52 55 45 30 00 .TRUE0. ber_scanf fmt (m) ber: ber_dump: buf=0x8273e80 ptr=0x8273ee6 end=0x8273f37 len=81 0000: 82 0b 63 6f 72 73 61 72 69 6f 2e 70 6c a3 13 04 ..fakedomain.com... 0010: 0a 63 75 73 74 6f 6d 65 72 49 44 04 05 31 30 31 .customerID..101 0020: 32 35 87 09 53 4f 41 52 65 63 6f 72 64 87 08 4e 25..SOARecord..N 0030: 53 52 65 63 6f 72 64 a3 16 04 0e 74 6f 70 4c 65 SRecord....topLe 0040: 76 65 6c 44 6f 6d 61 69 6e 04 04 54 52 55 45 30 velDomain..TRUE0 0050: 00 . FINAL end get_ssa end get_filter 0 begin get_filter EQUALITY ber_scanf fmt ({mm}) ber: ber_dump: buf=0x8273e80 ptr=0x8273ef3 end=0x8273f37 len=68 0000: 00 13 04 0a 63 75 73 74 6f 6d 65 72 49 44 04 05 ....customerID.. 0010: 31 30 31 32 35 87 09 53 4f 41 52 65 63 6f 72 64 10125..SOARecord 0020: 87 08 4e 53 52 65 63 6f 72 64 a3 16 04 0e 74 6f ..NSRecord....to 0030: 70 4c 65 76 65 6c 44 6f 6d 61 69 6e 04 04 54 52 pLevelDomain..TR 0040: 55 45 30 00 UE0. end get_filter 0 begin get_filter PRESENT ber_scanf fmt (m) ber: ber_dump: buf=0x8273e80 ptr=0x8273f08 end=0x8273f37 len=47 0000: 00 09 53 4f 41 52 65 63 6f 72 64 87 08 4e 53 52 ..SOARecord..NSR 0010: 65 63 6f 72 64 a3 16 04 0e 74 6f 70 4c 65 76 65 ecord....topLeve 0020: 6c 44 6f 6d 61 69 6e 04 04 54 52 55 45 30 00 lDomain..TRUE0. end get_filter 0 begin get_filter PRESENT ber_scanf fmt (m) ber: ber_dump: buf=0x8273e80 ptr=0x8273f13 end=0x8273f37 len=36 0000: 00 08 4e 53 52 65 63 6f 72 64 a3 16 04 0e 74 6f ..NSRecord....to 0010: 70 4c 65 76 65 6c 44 6f 6d 61 69 6e 04 04 54 52 pLevelDomain..TR 0020: 55 45 30 00 UE0. end get_filter 0 begin get_filter EQUALITY ber_scanf fmt ({mm}) ber: ber_dump: buf=0x8273e80 ptr=0x8273f1d end=0x8273f37 len=26 0000: 00 16 04 0e 74 6f 70 4c 65 76 65 6c 44 6f 6d 61 ....topLevelDoma 0010: 69 6e 04 04 54 52 55 45 30 00 in..TRUE0. end get_filter 0 end get_filter_list end get_filter 0 filter: (&(objectClass=dNSDomain)(associatedDomain=*fakedomain.com)(customerID=10125)(sOARecord=*)(nSRecord=*)(topLevelDomain=TRUE)) ber_scanf fmt ({M}}) ber: ber_dump: buf=0x8273e80 ptr=0x8273f35 end=0x8273f37 len=2 0000: 00 00 .. attrs: conn=0 op=1 SRCH base="dc=dns,dc=nameservers,dc=ROOT" scope=2 deref=3 filter="(&(objectClass=dNSDomain)(associatedDomain=*fakedomain.com)(customerID=10125)(sOARecord=*)(nSRecord=*)(topLevelDomain=TRUE))" => bdb_search bdb_dn2entry("dc=dns,dc=nameservers,dc=root") => bdb_dn2id("dc=nameservers,dc=root") <= bdb_dn2id: got id=0x4 => bdb_dn2id("dc=dns,dc=nameservers,dc=root") <= bdb_dn2id: got id=0x5 entry_decode: "dc=dns,dc=nameservers,dc=ROOT" <= entry_decode(dc=dns,dc=nameservers,dc=ROOT) => access_allowed: search access to "dc=dns,dc=nameservers,dc=ROOT" "entry" requested <= root access granted => access_allowed: search access granted by manage(=mwrscxd) search_candidates: base="dc=dns,dc=nameservers,dc=root" (0x00000005) scope=2 => bdb_filter_candidates EQUALITY => bdb_equality_candidates (objectClass) => key_read bdb_idl_fetch_key: [01872a84] <= bdb_index_read: failed (-30990) <= bdb_equality_candidates: id=0, first=0, last=0 <= bdb_filter_candidates: id=0 first=0 last=0 => bdb_dn2idl("dc=dns,dc=nameservers,dc=root") bdb_idl_fetch_key: @dc=dns,dc=nameservers,dc=root <= bdb_dn2idl: id=4010 first=5 last=13487 => bdb_filter_candidates AND => bdb_list_candidates 0xa0 => bdb_filter_candidates OR => bdb_list_candidates 0xa1 => bdb_filter_candidates EQUALITY => bdb_equality_candidates (objectClass) => key_read bdb_idl_fetch_key: [b49dA1940] <= bdb_index_read: failed (-30990) <= bdb_equality_candidates: id=0, first=0, last=0 <= bdb_filter_candidates: id=0 first=0 last=0 => bdb_filter_candidates AND => bdb_list_candidates 0xa0 => bdb_filter_candidates EQUALITY => bdb_equality_candidates (objectClass) => key_read bdb_idl_fetch_key: [a45a345e] <= bdb_index_read 4049 candidates <= bdb_equality_candidates: id=4049, first=6, last=13487 <= bdb_filter_candidates: id=4049 first=6 last=13487 => bdb_filter_candidates SUBSTRINGS => bdb_substring_candidates (associatedDomain) => key_read bdb_idl_fetch_key: [612e9033] <= bdb_index_read 1127 candidates => key_read bdb_idl_fetch_key: [0ba8920a] <= bdb_index_read 46 candidates => key_read bdb_idl_fetch_key: [003a7d56] <= bdb_index_read 63 candidates => key_read bdb_idl_fetch_key: [d9fbeb39] <= bdb_index_read 63 candidates => key_read bdb_idl_fetch_key: [5eaf4814] <= bdb_index_read 29 candidates <= bdb_substring_candidates: 29, first=5287, last=12929 <= bdb_filter_candidates: id=29 first=5287 last=12929 => bdb_filter_candidates EQUALITY => bdb_equality_candidates (customerID) => key_read bdb_idl_fetch_key: [8000278d] <= bdb_index_read 125 candidates => key_read bdb_idl_fetch_key: [0ba8920a] <= bdb_index_read: failed (-30990) Segmentation fault =============================================== =================================================

3 9

Delta-syncrepl issue
by Kieran JOYEUX 02 Jun '08

02 Jun '08

Hi guys, I got an issue setting up a delta-syncrepl replication. It's Here is my provider and consumer syslog output. Do you have any ideas of what's going on, or a clue to lead my search, i'll be really grateful... I kind have a headache right now... Thanks a lot for your help. Regards, Kin -------------------------------------------------------------- Provider's syslog------------------------------------- May 30 18:02:35 bom-ldap1 slapd[17515]: conn=68 op=1 SRCH base="cn=accesslog" scope=2 deref=0 filter="(&(objectClass=auditWriteObject)(reqResult=0))" May 30 18:02:35 bom-ldap1 slapd[17515]: conn=68 op=1 SRCH attr=reqDN reqType reqMod reqNewRDN reqDeleteOldRDN reqNewSuperior entryCSN May 30 18:02:35 bom-ldap1 slapd[17515]: findbase failed! 32 May 30 18:02:35 bom-ldap1 slapd[17515]: conn=68 op=1 SEARCH RESULT tag=101 err=32 nentries=0 text= May 30 18:02:35 bom-ldap1 slapd[17515]: conn=68 op=2 UNBIND May 30 18:02:35 bom-ldap1 slapd[17515]: conn=68 fd=19 closed May 30 18:03:35 bom-ldap1 slapd[17515]: conn=69 fd=19 ACCEPT from IP=192.168.3.62:38515 (IP=192.168.3.61:636) May 30 18:03:35 bom-ldap1 slapd[17515]: conn=69 fd=19 TLS established tls_ssf=256 ssf=256 May 30 18:03:35 bom-ldap1 slapd[17515]: conn=69 op=0 BIND dn="cn=admin,dc=*********,dc=com" method=128 May 30 18:03:35 bom-ldap1 slapd[17515]: conn=69 op=0 BIND dn="cn=admin,dc=*********,dc=com" mech=SIMPLE ssf=0 May 30 18:03:35 bom-ldap1 slapd[17515]: conn=69 op=0 RESULT tag=97 err=0 text= ----------------------------------------------------------------------------------------------------------------------------------------------- ------------------------------------------Consumer's syslog ------------------------------------------------------------------- May 30 17:58:50 bom-ldap2 slapd[25741]: do_syncrep2: rid=000 (32) No such object May 30 17:58:50 bom-ldap2 slapd[25741]: do_syncrepl: rid=000 retrying ----------------------------------------------------------------------------------------------------------------------------------------------- ------------------------------------Provider's slapd.conf ---------------------------------- access to * by dn.base="cn=replicator,ou=admins,dc=*****,dc=com" read by * break # Accesslog database definitions --------------------------------------------- database hdb suffix cn=accesslog directory /usr/local/openldap-2.4.9//var/accesslog rootdn cn=accesslog rootpw ***** index default eq index entryCSN,objectClass,reqEnd,reqResult,reqStart overlay syncprov syncprov-nopresent TRUE syncprov-reloadhint TRUE # Let the replica DN have limitless searches limits dn.exact="cn=replicator,ou=admins,dc=*****,dc=com" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited ####################################################################### # BDB database definitions ####################################################################### ........... ************************************ database config ************************************ ............ index entryCSN eq index entryUUID eq #syncrepl Provider for primary db overlay syncprov syncprov-checkpoint 1000 60 #accesslog overlay definitions for primary db overlay accesslog logdb cn=accesslog logops writes logsuccess TRUE #scan the accesslog DB every day, and purge entries older than 7 days logpurge 07+00:00 01+00:00 #Let the replica DN have limitless searches limits dn.exact="cn=replicator,ou=admins,dc=*****,dc=com" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited --------------------------------------------------------------------------------------------------------------------------------- ----------------------------------------------Consumer's slapd.conf -------------------------------------------- index entryUUID eq # syncrepl specific indices syncrepl rid=0 provider=ldaps://bom-ldap1.*****.com:636 bindmethod=simple binddn="cn=admin,dc=*****,dc=com" credentials=***** searchbase="dc=*****,dc=com" logbase="cn=accesslog" logfilter="(&(objectClass=auditWriteObject)(reqResult=0))" schemachecking=on type=refreshAndPersist retry="60 +" syncdata=accesslog # Refer updates to the master updateref ldaps://bom-ldap1.*****:636 ---------------------------------------------------------------------------------------------------------------------------------

2 1

relative speed of writes
by Jason Dusek 01 Jun '08

01 Jun '08

What is the relative complexity of reads and writes in OpenLDAP? Are modifications as expensive as creations? I'm aware that writes are not as cheap as reads, and anecdotally I've seen figures like ten-to-one -- the usual justification being that writes force the lookup tree to be rebalanced. Which lookup tree? The articles I've read (their URL escapes me at the moment) don't really say, but I assume it's the DN lookup tree. I'd like to know: o How does the complexity of creation vary? Maybe the tree is rebalanced only once in awhile. o Do attribute modifications have the same complexity as creation? Probably not, if the issue is rebalancing the DN lookup tree. I will be able to ask more intelligent questions in the coming month, when I put together benchmarks and actually learn the OpenLDAP API -- so I have not asked for any ratios, for example (comparing number of `ldap_search_ext()` requests to number of `ldap_mod_ext()` requests is disingenuous, since the latter gets a DN to start with and the former does not.) At this point, I'm working out a proposal to propose another proposal for using LDAP for horizontally scalable storage of small records -- I need to be able to say something about write performance, but I'm not able to put work into the benchmarking yet. -- _jsn

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-software June 2008