On Thursday 10 January 2008 20:41:40 Howard Chu wrote:
Karsten Künne wrote:
Hi,
recently we ran into some problems with our OpenLDAP setup.
What version?
We're still at 2.3.37 but I checked CVS and the assert was still in there.
The reason for the crash is apparently that the search from the consumer went into the LDAP database and accessed AD and AD did what it usually does and sent back bogus referrals which triggered the assert :-(.
Now my question is, can we somehow avoid the replication search to travel into the AD LDAP database and second, isn't the assert at that point kinda bogus? It essentially tests for the same thing which the "if" statement before already tested.
The assert is probably bogus now, yes. That section of code was triggered so rarely that I needed to know if it happened at all, and why. (That assert was added November 2004. You're the first person to encounter it in more than 3 years.) Now we know - it happens when getting garbage back from AD...
I also noticed that in our cn=config tree for the BDB database (which is what we actually use for the configuration) the order of overlays in the provider is:
{0}glue {1}syncprov
Would it make a difference if we change that?
The answer to all questions of this nature is "try it and see."
I'll give it a shot. Logically it makes more sense to first provide the sync to the consumers and then glue the AD stuff together.
Karsten.