16 Dec
2017
16 Dec
'17
5:30 a.m.
Scott Koch wrote:
We have seen 15 or so instances of this issue and in all cases the last LDAP operations follow the same pattern where there is an ABANDON and UNBIND, then there is a SRCH operation. See log output below of full connection for the client that performs the last operation.
Of course slapd should not crash but...
http://ldap1.example.com slapd[26514]: conn=873638 op=2 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(&(?objectClass=sudoRole)(|(!(?sudoHost=*))(?sudoHost=ALL)(?sudoHost=node1713.example.com
^ ^ ^ ...the question mark before 'sudoHost' indicates that the sudo-ldap schema is missing on this particular slapd instance (specifically attribute type 'sudoHost' unknown).
In former times I've also experienced a provider crashing in case the consumer did not have the same schema yet.
Ciao, Michael.