ldap_bind: Can't contact LDAP server(multithreaded ldap client)
by Rakesh Yadav
Hi,
I m using openldap-2.3.38 over linux platform.
I have written a library using LDAP client API's according to my
requirement.
I m having RPC clients and a RPC server. This RPC server is
multithreaded and uses the library which is written using LDAP client api.
The problem is :
1. I have open a single connection with LDAP server and passed the
global LDAP * ptr to all my library calls,
And i sended a search request from rpc client in a loop, it works
and gives the result but as i run second request for
reading data from rpc server then i get error from LDAP server
"*Broken pipe*".
2. Then i have decided i will use seprate connection with LDAP for each
thread and use a local LDAP *ptr for thread.
This time multiple requests from rpc client works for 2-3 minutes
after that it also gives error.
"*ldap_bind :Can't contact LDAP server*"
In this case i opened and closed a connection with LDAP server for
each thread.
Please suggest me some solution for handling multiple threads with LDAP
client API.
In case of Solaris i got a sample for handling multiple threads with
LDAP client api's.
But this solution doesn't work over Linux.
Please give me some solution.
Thanks
12 years, 7 months
slapd 2.4.7-2.4.9 segfaults with some specific search
by Piotr Wadas
Hello,
I build openldap 2.4.7 a few weeks ago, and 2.4.9 yesterday,
with 2.4.7 and 2.4.9, without any my patches, just a clean build.
After adding my custom schema, uploading my data from production version,
and indexing, I still have it crash with some specific search -
I was hoping 2.4.9 have this resolved, seems not, so posting this.
I distracted example search which always causes segfault, each time,
100% reproductible.
Have nice reading.. :) I'd be glad to report I replaced my
production with 2.4.x series, thanx upwards for any hint :)
Should I perform some gdb-enabled build, and post some core?
I'm currently ahead to do this.
Details:
==============
==============
slapd.conf:
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/dnsdomain2.schema
include /etc/ldap/schema/sendmail.pw.schema
include /etc/ldap/schema/misc.schema
include /etc/ldap/schema/ISPEnv2.schema
include /etc/ldap/schema/mod_vhost_ldap.schema
include /etc/ldap/schema/local.schema
include /etc/ldap/schema/hpl.schema
include /etc/ldap/schema/apache_ext.schema
include /etc/ldap/schema/apache_alias.schema
include /etc/ldap/schema/autofs.schema
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
modulepath /usr/lib/ldap
moduleload back_bdb
backend bdb
loglevel 0
database bdb
cachesize 300000
concurrency 256
threads 32
lastmod on
suffix "dc=ROOT"
checkpoint 128 60
directory "/var/lib/ldap"
sizelimit unlimited
timelimit 16
include /etc/ldap/indexes
rootdn "cn=Directory Manager,dc=ROOT"
access to *
by dn="cn=Read Only,dc=ROOT" read
by * auth
access to attrs=userPassword
by anonymous auth
by self write
by * auth
access to dn.base="dc=ROOT"
by * auth
access to dn.base=""
by * auth
==============
==============
/var/lib/ldap/DB_CONFIG is as follows:
set_cachesize 0 2097152 0
set_lg_regionmax 1048576
set_lg_max 1048576
set_lk_max_objects 5000
set_lk_max_locks 5000
set_lk_max_lockers 5000
==============
==============
the database is loaded with slapadd (no -q)
just before search, and after indexing, with or
without any changes before fatal search slapd is started as follows:
root@gnp34:~# slaptest
config file testing succeeded
root@gnp34:~# slapd -u root -g root \
-h ldap://192.168.0.221:389/ ldapi:/// \
-d $((1+2+4+8+16+32+64+128+256+512+1024+2048+4096+8192+16384))
==============
==============
the search parameters are:
root@gnp34:~# ldapsearch -vvv -xh 192.168.0.221 \
-WD "cn=Directory Manager,dc=ROOT" -b "dc=dns,dc=nameservers,dc=ROOT"
'(&(objectClass=dNSDomain)(associatedDomain=*fakedomain.com)(customerID=10125)(SOARecord=*)(NSRecord=*)(topLevelDomain=TRUE))'
ldap_initialize( ldap://192.168.0.221 )
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <dc=dns,dc=nameservers,dc=ROOT> with scope subtree
# filter: (&(objectClass=dNSDomain)(associatedDomain=*fakedomain.com)(customerID=10125)(SOARecord=*)(NSRecord=*)(topLevelDomain=TRUE))
# requesting: ALL
#
ldap_result: Can't contact LDAP server (-1)
================================================================== The
same search on 2.3.x (production, old stable) with the same data, same
indexing, same DB_CONFIG etc. returns the following object: (all my custom
attributes are SUP of some standard text/bool attrs, no custom syntaxes
nor other advanced customizing )
# fakedomain.com.dns.nameservers.ROOT
dn: dc=fakedomain.com,dc=dns,dc=nameservers,dc=ROOT
objectClass: top
objectClass: dNSDomain
objectClass: domainRelatedObject
objectClass: managedAccessObject
associatedDomain: fakedomain.com
dc: fakedomain.com
aRecord: AA.BB.CC.DD
nSRecord: ns0.otherfakedomain.com
nSRecord: ns1.otherfakedomain.com
sOARecord: ns0.otherfakedomain.com hostmaster.otherfakedomain.com 2008011307 300 150 2592000 300
mXRecord: 10 mx10.fakedomain.com
mXRecord: 20 mx20.fakedomain.com
mXRecord: 30 mx10.otherfakedomain.com
mXRecord: 40 mx20.otherfakedomain.com
customerID: 10125
topLevelDomain: TRUE
isActive: TRUE
isBlocked: FALSE
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
====================
====================
build configuration is:
--prefix=/usr
--libexecdir='${prefix}/lib'
--sysconfdir=/etc
--localstatedir=/var
--mandir='${prefix}/share/man'
--enable-debug
--enable-dynamic
--enable-syslog
--enable-proctitle
--enable-ipv6
--enable-local
--enable-slapd
--enable-aci
--enable-cleartext
--enable-crypt
--disable-lmpasswd
--enable-spasswd
--enable-modules
--enable-rewrite
--enable-rlookups
--enable-slapi
--enable-slp
--enable-wrappers
--enable-backends=mod
--enable-ldbm=no
--enable-overlays=mod
--with-subdir=ldap
--with-cyrus-sasl
--with-threads
--with-tls=gnutls
--with-odbc=unixodbc
====================
====================
and finally debug log collected contains (1000+ lines of initialization
skipped ) as follows:
slapd starting
daemon: added 4r listener=(nil)
daemon: added 7r listener=0x8199078
daemon: epoll: listen=7 active_threads=0 tvp=zero
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=zero
daemon: activity on 1 descriptor
daemon: activity on:
slap_listener_activate(7):
daemon: epoll: listen=7 busy
>>> slap_listener(ldap://192.168.0.221:389/)
daemon: listen=7, new connection on 12
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=zero
daemon: added 12r (active) listener=(nil)
daemon: activity on 1 descriptor
conn=0 fd=12 ACCEPT from IP=XX.YY.ZZ.MM:53598 (IP=192.168.0.221:389)
daemon: activity on: 12r
daemon: read active on 12
connection_get(12)
daemon: epoll: listen=7 active_threads=0 tvp=zero
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=zero
connection_get(12): got connid=0
connection_read(12): checking for input on id=0
ber_get_next
ldap_read: want=8, got=8
0000: 30 30 02 01 01 60 2b 02 00...`+.
ldap_read: want=42, got=42
0000: 01 03 04 1c 63 6e 3d 44 69 72 65 63 74 6f 72 79 ....cn=Directory
0010: 20 4d 61 6e 61 67 65 72 2c 64 63 3d 52 4f 4f 54 Manager,dc=ROOT
0020: 80 08 6b 7a 64 70 6d 31 6f 75 ..SECRET
ber_get_next: tag 0x30 len 48 contents:
ber_dump: buf=0x8263190 ptr=0x8263190 end=0x82631c0 len=48
0000: 02 01 01 60 2b 02 01 03 04 1c 63 6e 3d 44 69 72 ...`+.....cn=Dir
0010: 65 63 74 6f 72 79 20 4d 61 6e 61 67 65 72 2c 64 ectory Manager,d
0020: 63 3d 52 4f 4f 54 80 08 6b 7a 64 70 6d 31 6f 75 c=ROOT..SECRET
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=zero
conn=0 op=0 do_bind
ber_scanf fmt ({imt) ber:
ber_dump: buf=0x8263190 ptr=0x8263193 end=0x82631c0 len=45
0000: 60 2b 02 01 03 04 1c 63 6e 3d 44 69 72 65 63 74 `+.....cn=Direct
0010: 6f 72 79 20 4d 61 6e 61 67 65 72 2c 64 63 3d 52 ory Manager,dc=R
0020: 4f 4f 54 80 08 6b 7a 64 70 6d 31 6f 75 OOT..SECRET
ber_scanf fmt (m}) ber:
ber_dump: buf=0x8263190 ptr=0x82631b6 end=0x82631c0 len=10
0000: 00 08 6b 7a 64 70 6d 31 6f 75 ..SECRET
>>> dnPrettyNormal: <cn=Directory Manager,dc=ROOT>
=> ldap_bv2dn(cn=Directory Manager,dc=ROOT,0)
<= ldap_bv2dn(cn=Directory Manager,dc=ROOT)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=Directory Manager,dc=ROOT)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=directory manager,dc=root)=0
<<< dnPrettyNormal: <cn=Directory Manager,dc=ROOT>, <cn=directory manager,dc=root>
conn=0 op=0 BIND dn="cn=Directory Manager,dc=ROOT" method=128
do_bind: version=3 dn="cn=Directory Manager,dc=ROOT" method=128
==> bdb_bind: dn: cn=Directory Manager,dc=ROOT
bdb_dn2entry("cn=directory manager,dc=root")
=> bdb_dn2id("dc=root")
<= bdb_dn2id: got id=0x1
=> bdb_dn2id("cn=directory manager,dc=root")
<= bdb_dn2id: got id=0x2
entry_decode: "cn=Directory Manager,dc=ROOT"
<= entry_decode(cn=Directory Manager,dc=ROOT)
=> access_allowed: auth access to "cn=Directory Manager,dc=ROOT" "userPassword" requested
=> acl_get: [1] attr userPassword
=> slap_access_allowed: result not in cache (userPassword)
=> acl_mask: access to entry "cn=Directory Manager,dc=ROOT", attr "userPassword" requested
=> acl_mask: to value by "", (=0)
<= check a_dn_pat: cn=nobody,dc=root
<= check a_dn_pat: *
<= acl_mask: [2] applying auth(=xd) (stop)
<= acl_mask: [2] mask: auth(=xd)
=> slap_access_allowed: auth access granted by auth(=xd)
=> access_allowed: auth access granted by auth(=xd)
conn=0 op=0 BIND dn="cn=Directory Manager,dc=ROOT" mech=SIMPLE ssf=0
do_bind: v3 bind: "cn=Directory Manager,dc=ROOT" to "cn=Directory Manager,dc=ROOT"
send_ldap_result: conn=0 op=0 p=3
send_ldap_result: err=0 matched="" text=""
send_ldap_response: msgid=1 tag=97 err=0
ber_flush2: 14 bytes to sd 12
0000: 30 0c 02 01 01 61 07 0a 01 00 04 00 04 00 0....a........
daemon: activity on 1 descriptor
daemon: activity on: 12r
daemon: read active on 12
daemon: epoll: listen=7 active_threads=0 tvp=zero
ldap_write: want=14, written=14
0000: 30 0c 02 01 01 61 07 0a 01 00 04 00 04 00 0....a........
conn=0 op=0 RESULT tag=97 err=0 text=
connection_get(12)
connection_get(12): got connid=0
connection_read(12): checking for input on id=0
ber_get_next
ldap_read: want=8, got=8
0000: 30 81 b7 02 01 02 63 81 0.....c.
ldap_read: want=178, got=178
0000: b1 04 1d 64 63 3d 64 6e 73 2c 64 63 3d 6e 61 6d ...dc=dns,dc=nam
0010: 65 73 65 72 76 65 72 73 2c 64 63 3d 52 4f 4f 54 eservers,dc=ROOT
0020: 0a 01 02 0a 01 03 02 01 00 02 01 00 01 01 00 a0 ................
0030: 7f a3 18 04 0b 6f 62 6a 65 63 74 43 6c 61 73 73 .....objectClass
0040: 04 09 64 4e 53 44 6f 6d 61 69 6e a4 21 04 10 61 ..dNSDomain.!..a
0050: 73 73 6f 63 69 61 74 65 64 44 6f 6d 61 69 6e 30 ssociatedDomain0
0060: 0d 82 0b 63 6f 72 73 61 72 69 6f 2e 70 6c a3 13 ...fakedomain.com..
0070: 04 0a 63 75 73 74 6f 6d 65 72 49 44 04 05 31 30 ..customerID..10
0080: 31 32 35 87 09 53 4f 41 52 65 63 6f 72 64 87 08 125..SOARecord..
0090: 4e 53 52 65 63 6f 72 64 a3 16 04 0e 74 6f 70 4c NSRecord....topL
00a0: 65 76 65 6c 44 6f 6d 61 69 6e 04 04 54 52 55 45 evelDomain..TRUE
00b0: 30 00 0.
ber_get_next: tag 0x30 len 183 contents:
ber_dump: buf=0x8273e80 ptr=0x8273e80 end=0x8273f37 len=183
0000: 02 01 02 63 81 b1 04 1d 64 63 3d 64 6e 73 2c 64 ...c....dc=dns,d
0010: 63 3d 6e 61 6d 65 73 65 72 76 65 72 73 2c 64 63 c=nameservers,dc
0020: 3d 52 4f 4f 54 0a 01 02 0a 01 03 02 01 00 02 01 =ROOT...........
0030: 00 01 01 00 a0 7f a3 18 04 0b 6f 62 6a 65 63 74 ..........object
0040: 43 6c 61 73 73 04 09 64 4e 53 44 6f 6d 61 69 6e Class..dNSDomain
0050: a4 21 04 10 61 73 73 6f 63 69 61 74 65 64 44 6f .!..associatedDo
0060: 6d 61 69 6e 30 0d 82 0b 63 6f 72 73 61 72 69 6f main0...corsario
0070: 2e 70 6c a3 13 04 0a 63 75 73 74 6f 6d 65 72 49 .pl....customerI
0080: 44 04 05 31 30 31 32 35 87 09 53 4f 41 52 65 63 D..10125..SOARec
0090: 6f 72 64 87 08 4e 53 52 65 63 6f 72 64 a3 16 04 ord..NSRecord...
00a0: 0e 74 6f 70 4c 65 76 65 6c 44 6f 6d 61 69 6e 04 .topLevelDomain.
00b0: 04 54 52 55 45 30 00 .TRUE0.
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=zero
conn=0 op=1 do_search
ber_scanf fmt ({miiiib) ber:
ber_dump: buf=0x8273e80 ptr=0x8273e83 end=0x8273f37 len=180
0000: 63 81 b1 04 1d 64 63 3d 64 6e 73 2c 64 63 3d 6e c....dc=dns,dc=n
0010: 61 6d 65 73 65 72 76 65 72 73 2c 64 63 3d 52 4f ameservers,dc=RO
0020: 4f 54 0a 01 02 0a 01 03 02 01 00 02 01 00 01 01 OT..............
0030: 00 a0 7f a3 18 04 0b 6f 62 6a 65 63 74 43 6c 61 .......objectCla
0040: 73 73 04 09 64 4e 53 44 6f 6d 61 69 6e a4 21 04 ss..dNSDomain.!.
0050: 10 61 73 73 6f 63 69 61 74 65 64 44 6f 6d 61 69 .associatedDomai
0060: 6e 30 0d 82 0b 63 6f 72 73 61 72 69 6f 2e 70 6c n0...fakedomain.com
0070: a3 13 04 0a 63 75 73 74 6f 6d 65 72 49 44 04 05 ....customerID..
0080: 31 30 31 32 35 87 09 53 4f 41 52 65 63 6f 72 64 10125..SOARecord
0090: 87 08 4e 53 52 65 63 6f 72 64 a3 16 04 0e 74 6f ..NSRecord....to
00a0: 70 4c 65 76 65 6c 44 6f 6d 61 69 6e 04 04 54 52 pLevelDomain..TR
00b0: 55 45 30 00 UE0.
>>> dnPrettyNormal: <dc=dns,dc=nameservers,dc=ROOT>
=> ldap_bv2dn(dc=dns,dc=nameservers,dc=ROOT,0)
<= ldap_bv2dn(dc=dns,dc=nameservers,dc=ROOT)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(dc=dns,dc=nameservers,dc=ROOT)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(dc=dns,dc=nameservers,dc=root)=0
<<< dnPrettyNormal: <dc=dns,dc=nameservers,dc=ROOT>, <dc=dns,dc=nameservers,dc=root>
SRCH "dc=dns,dc=nameservers,dc=ROOT" 2 3 0 0 0
begin get_filter
AND
begin get_filter_list
begin get_filter
EQUALITY
ber_scanf fmt ({mm}) ber:
ber_dump: buf=0x8273e80 ptr=0x8273eb6 end=0x8273f37 len=129
0000: a3 18 04 0b 6f 62 6a 65 63 74 43 6c 61 73 73 04 ....objectClass.
0010: 09 64 4e 53 44 6f 6d 61 69 6e a4 21 04 10 61 73 .dNSDomain.!..as
0020: 73 6f 63 69 61 74 65 64 44 6f 6d 61 69 6e 30 0d sociatedDomain0.
0030: 82 0b 63 6f 72 73 61 72 69 6f 2e 70 6c a3 13 04 ..fakedomain.com...
0040: 0a 63 75 73 74 6f 6d 65 72 49 44 04 05 31 30 31 .customerID..101
0050: 32 35 87 09 53 4f 41 52 65 63 6f 72 64 87 08 4e 25..SOARecord..N
0060: 53 52 65 63 6f 72 64 a3 16 04 0e 74 6f 70 4c 65 SRecord....topLe
0070: 76 65 6c 44 6f 6d 61 69 6e 04 04 54 52 55 45 30 velDomain..TRUE0
0080: 00 .
end get_filter 0
begin get_filter
SUBSTRINGS
begin get_ssa
ber_scanf fmt ({m) ber:
ber_dump: buf=0x8273e80 ptr=0x8273ed0 end=0x8273f37 len=103
0000: 00 21 04 10 61 73 73 6f 63 69 61 74 65 64 44 6f .!..associatedDo
0010: 6d 61 69 6e 30 0d 82 0b 63 6f 72 73 61 72 69 6f main0...corsario
0020: 2e 70 6c a3 13 04 0a 63 75 73 74 6f 6d 65 72 49 .pl....customerI
0030: 44 04 05 31 30 31 32 35 87 09 53 4f 41 52 65 63 D..10125..SOARec
0040: 6f 72 64 87 08 4e 53 52 65 63 6f 72 64 a3 16 04 ord..NSRecord...
0050: 0e 74 6f 70 4c 65 76 65 6c 44 6f 6d 61 69 6e 04 .topLevelDomain.
0060: 04 54 52 55 45 30 00 .TRUE0.
ber_scanf fmt (m) ber:
ber_dump: buf=0x8273e80 ptr=0x8273ee6 end=0x8273f37 len=81
0000: 82 0b 63 6f 72 73 61 72 69 6f 2e 70 6c a3 13 04 ..fakedomain.com...
0010: 0a 63 75 73 74 6f 6d 65 72 49 44 04 05 31 30 31 .customerID..101
0020: 32 35 87 09 53 4f 41 52 65 63 6f 72 64 87 08 4e 25..SOARecord..N
0030: 53 52 65 63 6f 72 64 a3 16 04 0e 74 6f 70 4c 65 SRecord....topLe
0040: 76 65 6c 44 6f 6d 61 69 6e 04 04 54 52 55 45 30 velDomain..TRUE0
0050: 00 .
FINAL
end get_ssa
end get_filter 0
begin get_filter
EQUALITY
ber_scanf fmt ({mm}) ber:
ber_dump: buf=0x8273e80 ptr=0x8273ef3 end=0x8273f37 len=68
0000: 00 13 04 0a 63 75 73 74 6f 6d 65 72 49 44 04 05 ....customerID..
0010: 31 30 31 32 35 87 09 53 4f 41 52 65 63 6f 72 64 10125..SOARecord
0020: 87 08 4e 53 52 65 63 6f 72 64 a3 16 04 0e 74 6f ..NSRecord....to
0030: 70 4c 65 76 65 6c 44 6f 6d 61 69 6e 04 04 54 52 pLevelDomain..TR
0040: 55 45 30 00 UE0.
end get_filter 0
begin get_filter
PRESENT
ber_scanf fmt (m) ber:
ber_dump: buf=0x8273e80 ptr=0x8273f08 end=0x8273f37 len=47
0000: 00 09 53 4f 41 52 65 63 6f 72 64 87 08 4e 53 52 ..SOARecord..NSR
0010: 65 63 6f 72 64 a3 16 04 0e 74 6f 70 4c 65 76 65 ecord....topLeve
0020: 6c 44 6f 6d 61 69 6e 04 04 54 52 55 45 30 00 lDomain..TRUE0.
end get_filter 0
begin get_filter
PRESENT
ber_scanf fmt (m) ber:
ber_dump: buf=0x8273e80 ptr=0x8273f13 end=0x8273f37 len=36
0000: 00 08 4e 53 52 65 63 6f 72 64 a3 16 04 0e 74 6f ..NSRecord....to
0010: 70 4c 65 76 65 6c 44 6f 6d 61 69 6e 04 04 54 52 pLevelDomain..TR
0020: 55 45 30 00 UE0.
end get_filter 0
begin get_filter
EQUALITY
ber_scanf fmt ({mm}) ber:
ber_dump: buf=0x8273e80 ptr=0x8273f1d end=0x8273f37 len=26
0000: 00 16 04 0e 74 6f 70 4c 65 76 65 6c 44 6f 6d 61 ....topLevelDoma
0010: 69 6e 04 04 54 52 55 45 30 00 in..TRUE0.
end get_filter 0
end get_filter_list
end get_filter 0
filter: (&(objectClass=dNSDomain)(associatedDomain=*fakedomain.com)(customerID=10125)(sOARecord=*)(nSRecord=*)(topLevelDomain=TRUE))
ber_scanf fmt ({M}}) ber:
ber_dump: buf=0x8273e80 ptr=0x8273f35 end=0x8273f37 len=2
0000: 00 00 ..
attrs:
conn=0 op=1 SRCH base="dc=dns,dc=nameservers,dc=ROOT" scope=2 deref=3 filter="(&(objectClass=dNSDomain)(associatedDomain=*fakedomain.com)(customerID=10125)(sOARecord=*)(nSRecord=*)(topLevelDomain=TRUE))"
=> bdb_search
bdb_dn2entry("dc=dns,dc=nameservers,dc=root")
=> bdb_dn2id("dc=nameservers,dc=root")
<= bdb_dn2id: got id=0x4
=> bdb_dn2id("dc=dns,dc=nameservers,dc=root")
<= bdb_dn2id: got id=0x5
entry_decode: "dc=dns,dc=nameservers,dc=ROOT"
<= entry_decode(dc=dns,dc=nameservers,dc=ROOT)
=> access_allowed: search access to "dc=dns,dc=nameservers,dc=ROOT" "entry" requested
<= root access granted
=> access_allowed: search access granted by manage(=mwrscxd)
search_candidates: base="dc=dns,dc=nameservers,dc=root" (0x00000005) scope=2
=> bdb_filter_candidates
EQUALITY
=> bdb_equality_candidates (objectClass)
=> key_read
bdb_idl_fetch_key: [01872a84]
<= bdb_index_read: failed (-30990)
<= bdb_equality_candidates: id=0, first=0, last=0
<= bdb_filter_candidates: id=0 first=0 last=0
=> bdb_dn2idl("dc=dns,dc=nameservers,dc=root")
bdb_idl_fetch_key: @dc=dns,dc=nameservers,dc=root
<= bdb_dn2idl: id=4010 first=5 last=13487
=> bdb_filter_candidates
AND
=> bdb_list_candidates 0xa0
=> bdb_filter_candidates
OR
=> bdb_list_candidates 0xa1
=> bdb_filter_candidates
EQUALITY
=> bdb_equality_candidates (objectClass)
=> key_read
bdb_idl_fetch_key: [b49dA1940]
<= bdb_index_read: failed (-30990)
<= bdb_equality_candidates: id=0, first=0, last=0
<= bdb_filter_candidates: id=0 first=0 last=0
=> bdb_filter_candidates
AND
=> bdb_list_candidates 0xa0
=> bdb_filter_candidates
EQUALITY
=> bdb_equality_candidates (objectClass)
=> key_read
bdb_idl_fetch_key: [a45a345e]
<= bdb_index_read 4049 candidates
<= bdb_equality_candidates: id=4049, first=6, last=13487
<= bdb_filter_candidates: id=4049 first=6 last=13487
=> bdb_filter_candidates
SUBSTRINGS
=> bdb_substring_candidates (associatedDomain)
=> key_read
bdb_idl_fetch_key: [612e9033]
<= bdb_index_read 1127 candidates
=> key_read
bdb_idl_fetch_key: [0ba8920a]
<= bdb_index_read 46 candidates
=> key_read
bdb_idl_fetch_key: [003a7d56]
<= bdb_index_read 63 candidates
=> key_read
bdb_idl_fetch_key: [d9fbeb39]
<= bdb_index_read 63 candidates
=> key_read
bdb_idl_fetch_key: [5eaf4814]
<= bdb_index_read 29 candidates
<= bdb_substring_candidates: 29, first=5287, last=12929
<= bdb_filter_candidates: id=29 first=5287 last=12929
=> bdb_filter_candidates
EQUALITY
=> bdb_equality_candidates (customerID)
=> key_read
bdb_idl_fetch_key: [8000278d]
<= bdb_index_read 125 candidates
=> key_read
bdb_idl_fetch_key: [0ba8920a]
<= bdb_index_read: failed (-30990)
Segmentation fault
===============================================
=================================================
12 years, 7 months
Delta-syncrepl issue
by Kieran JOYEUX
Hi guys,
I got an issue setting up a delta-syncrepl replication. It's Here is my
provider and consumer syslog output. Do you have any ideas of what's
going on, or a clue to lead my search, i'll be really grateful... I kind
have a headache right now...
Thanks a lot for your help.
Regards,
Kin
--------------------------------------------------------------
Provider's syslog-------------------------------------
May 30 18:02:35 bom-ldap1 slapd[17515]: conn=68 op=1 SRCH
base="cn=accesslog" scope=2 deref=0
filter="(&(objectClass=auditWriteObject)(reqResult=0))"
May 30 18:02:35 bom-ldap1 slapd[17515]: conn=68 op=1 SRCH attr=reqDN
reqType reqMod reqNewRDN reqDeleteOldRDN reqNewSuperior entryCSN
May 30 18:02:35 bom-ldap1 slapd[17515]: findbase failed! 32
May 30 18:02:35 bom-ldap1 slapd[17515]: conn=68 op=1 SEARCH RESULT
tag=101 err=32 nentries=0 text=
May 30 18:02:35 bom-ldap1 slapd[17515]: conn=68 op=2 UNBIND
May 30 18:02:35 bom-ldap1 slapd[17515]: conn=68 fd=19 closed
May 30 18:03:35 bom-ldap1 slapd[17515]: conn=69 fd=19 ACCEPT from
IP=192.168.3.62:38515 (IP=192.168.3.61:636)
May 30 18:03:35 bom-ldap1 slapd[17515]: conn=69 fd=19 TLS established
tls_ssf=256 ssf=256
May 30 18:03:35 bom-ldap1 slapd[17515]: conn=69 op=0 BIND
dn="cn=admin,dc=*********,dc=com" method=128
May 30 18:03:35 bom-ldap1 slapd[17515]: conn=69 op=0 BIND
dn="cn=admin,dc=*********,dc=com" mech=SIMPLE ssf=0
May 30 18:03:35 bom-ldap1 slapd[17515]: conn=69 op=0 RESULT tag=97 err=0
text=
-----------------------------------------------------------------------------------------------------------------------------------------------
------------------------------------------Consumer's syslog
-------------------------------------------------------------------
May 30 17:58:50 bom-ldap2 slapd[25741]: do_syncrep2: rid=000 (32) No
such object
May 30 17:58:50 bom-ldap2 slapd[25741]: do_syncrepl: rid=000 retrying
-----------------------------------------------------------------------------------------------------------------------------------------------
------------------------------------Provider's slapd.conf
----------------------------------
access to *
by dn.base="cn=replicator,ou=admins,dc=*****,dc=com" read
by * break
# Accesslog database definitions
---------------------------------------------
database hdb
suffix cn=accesslog
directory /usr/local/openldap-2.4.9//var/accesslog
rootdn cn=accesslog
rootpw *****
index default eq
index entryCSN,objectClass,reqEnd,reqResult,reqStart
overlay syncprov
syncprov-nopresent TRUE
syncprov-reloadhint TRUE
# Let the replica DN have limitless searches
limits dn.exact="cn=replicator,ou=admins,dc=*****,dc=com"
time.soft=unlimited time.hard=unlimited size.soft=unlimited
size.hard=unlimited
#######################################################################
# BDB database definitions
#######################################################################
...........
************************************
database config
************************************
............
index entryCSN eq
index entryUUID eq
#syncrepl Provider for primary db
overlay syncprov
syncprov-checkpoint 1000 60
#accesslog overlay definitions for primary db
overlay accesslog
logdb cn=accesslog
logops writes
logsuccess TRUE
#scan the accesslog DB every day, and purge entries older than 7 days
logpurge 07+00:00 01+00:00
#Let the replica DN have limitless searches
limits dn.exact="cn=replicator,ou=admins,dc=*****,dc=com"
time.soft=unlimited time.hard=unlimited size.soft=unlimited
size.hard=unlimited
---------------------------------------------------------------------------------------------------------------------------------
----------------------------------------------Consumer's slapd.conf
--------------------------------------------
index entryUUID eq
# syncrepl specific indices
syncrepl rid=0
provider=ldaps://bom-ldap1.*****.com:636
bindmethod=simple
binddn="cn=admin,dc=*****,dc=com"
credentials=*****
searchbase="dc=*****,dc=com"
logbase="cn=accesslog"
logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"
schemachecking=on
type=refreshAndPersist
retry="60 +"
syncdata=accesslog
# Refer updates to the master
updateref ldaps://bom-ldap1.*****:636
---------------------------------------------------------------------------------------------------------------------------------
12 years, 7 months
relative speed of writes
by Jason Dusek
What is the relative complexity of reads and writes in
OpenLDAP? Are modifications as expensive as creations? I'm
aware that writes are not as cheap as reads, and anecdotally
I've seen figures like ten-to-one -- the usual justification
being that writes force the lookup tree to be rebalanced.
Which lookup tree? The articles I've read (their URL escapes
me at the moment) don't really say, but I assume it's the DN
lookup tree.
I'd like to know:
o How does the complexity of creation vary? Maybe the tree is
rebalanced only once in awhile.
o Do attribute modifications have the same complexity as
creation? Probably not, if the issue is rebalancing the DN
lookup tree.
I will be able to ask more intelligent questions in the coming
month, when I put together benchmarks and actually learn the
OpenLDAP API -- so I have not asked for any ratios, for
example (comparing number of `ldap_search_ext()` requests to
number of `ldap_mod_ext()` requests is disingenuous, since the
latter gets a DN to start with and the former does not.)
At this point, I'm working out a proposal to propose another
proposal for using LDAP for horizontally scalable storage of
small records -- I need to be able to say something about
write performance, but I'm not able to put work into the
benchmarking yet.
--
_jsn
12 years, 7 months