OpenLDAP crash when defining multiple olcDbURI for chaining - openldap-technical

8 Sep 2014


      Hello list,
I am trying to setup referral chaining in a multi-master setup. I can 
setup chaining to one of the masters without any problems. And I can 
perform a MOD operation that is then referral chased and performed on 
the master.
However, when I define both masters the replica crashes when I do a MOD 
operation.
Snippet of cn=config from the working example:
dn: 
olcDatabase={1}ldap,olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config
objectClass: olcLDAPConfig
objectClass: olcChainDatabase
olcDatabase: {1}ldap
olcDbStartTLS: start  starttls=yes
olcDbIDAssertAuthzFrom: {0}*
olcDbRebindAsUser: FALSE
olcDbChaseReferrals: TRUE
olcDbTFSupport: no
olcDbProxyWhoAmI: FALSE
olcDbProtocolVersion: 3
olcDbSingleConn: FALSE
olcDbCancel: abandon
olcDbUseTemporaryConn: FALSE
olcDbConnectionPoolMax: 16
olcDbNoRefs: FALSE
olcDbNoUndefFilter: FALSE
olcDbURI: ldap://ldap-m1.example.com
olcDbIDAssertBind: mode=self flags=prescriptive,proxy-authz-non-critical 
bindmethod=simple timeout=0 network-timeout=0 
binddn="cn=admin,dc=example,dc=com" credentials="secret" keepalive=0:0:0 
starttls=yes tls_reqcert=allow
If I change olcDbURI to either of the entries below, the replica server 
crashes
* olcDbURI: "ldap://ldap-m1.example.com,ldap://ldap-m2.example.com"
* olcDbURI: "ldap://ldap-m1.example.com ldap://ldap-m2.example.com"
According to slapd-ldap(5), the URI list can be comma or space separated.
I've turned on "args" and "trace" debugging to troubleshoot, but never 
get any errors in the logs. I only see an attempt to chase the referral 
followed by an immediate crash (see log snippet at the end of email).
Finally, I'm running OpenLDAP 2.4.31 on Ubuntu Trusty, but was also able 
to replicate this same error on OpenLDAP 2.4.28 on Ubuntu Precise.
Any help is much appreciated.
--
Khosrow Ebrahimpour
Crash Log:
Sep  8 21:07:23 ldap-rep1 slapd[20947]: conn=1000 op=1 modifications:
Sep  8 21:07:23 ldap-rep1 slapd[20947]:         replace: givenName
Sep  8 21:07:23 ldap-rep1 slapd[20947]:                 one value, length 1
Sep  8 21:07:23 ldap-rep1 slapd[20947]: conn=1000 op=1 MOD 
dn="uid=user1,ou=people,dc=example,dc=com"
Sep  8 21:07:23 ldap-rep1 slapd[20947]: conn=1000 op=1 MOD attr=givenName
Sep  8 21:07:23 ldap-rep1 slapd[20947]: 
bdb_dn2entry("uid=user1,ou=people,dc=example,dc=com")
Sep  8 21:07:23 ldap-rep1 slapd[20947]: => 
hdb_dn2id("ou=people,dc=example,dc=com")
Sep  8 21:07:23 ldap-rep1 slapd[20947]: <= hdb_dn2id: got id=0x6
Sep  8 21:07:23 ldap-rep1 slapd[20947]: => 
hdb_dn2id("uid=user1,ou=people,dc=example,dc=com")
Sep  8 21:07:23 ldap-rep1 slapd[20947]: <= hdb_dn2id: got id=0xe
Sep  8 21:07:23 ldap-rep1 slapd[20947]: entry_decode: ""
Sep  8 21:07:23 ldap-rep1 slapd[20947]: <= entry_decode()
Sep  8 21:07:23 ldap-rep1 slapd[20947]: send_ldap_result: conn=1000 op=1 p=3
Sep  8 21:07:23 ldap-rep1 slapd[20947]: send_ldap_result: err=10 
matched="" text=""
Sep  8 21:07:23 ldap-rep1 slapd[20947]: send_ldap_result: 
referral="ldap://ldap-m1.example.com/uid=user1,ou=people,dc=example,dc=com"
Sep  8 21:07:23 ldap-rep1 slapd[20947]: >>> dnPrettyNormal: 
<uid=user1,ou=people,dc=example,dc=com>
Sep  8 21:07:23 ldap-rep1 slapd[20947]: <<< dnPrettyNormal: 
<uid=user1,ou=people,dc=example,dc=com>, 
<uid=user1,ou=people,dc=example,dc=com>
Sep  8 21:07:23 ldap-rep1 slapd[20947]: conn=1000 op=1 ldap_chain_op: 
ref="ldap://ldap-m1.example.com/uid=user1,ou=people,dc=example,dc=com" 
-> "ldap://ldap-m1.example.com"
Sep  8 21:09:02 ldap-rep1 slapd[21057]: @(#) $OpenLDAP: slapd (Ubuntu) 
(Mar 17 2014 21:20:08) $
buildd@aatxe:/build/buildd/openldap-2.4.31/debian/build/servers/slapd