
Re: (ITS#7047) slapd crash on bad indexed translucent



On 09/21/2011 09:38 PM, Pierangelo Masarati wrote:
> Can you reproduce with latest release/master?  Can you provide a minimal
> configuration+data that allows to reproduce the issue?
>
> p.
>


Hello Pierangelo,

We are in the middle of several migration processes and I don't have the 
time to dig further into this issue right now, particularly in regard to 
trying latest/master.

I can however serve you with some extra data.

Our LDAP infrastructure is like this:

1 master (provider) ----- 2 slaves (consumer) ----- 2 proxys

But the problem is happening in another server, which has a translucent 
overlay and several other very small local databases.

That server's configuration file is

--- snip ---

include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include     /etc/ldap/schema/rfc2307bis.schema
include         /etc/ldap/schema/inetorgperson.schema
include        /etc/ldap/schema/unl.schema
include         /etc/ldap/schema/samba.schema
include         /etc/ldap/schema/qmail.schema
include        /etc/ldap/schema/sudo.schema
include        /etc/ldap/schema/RADIUS-LDAPv3.schema
include         /etc/ldap/schema/dyngroup.schema
include         /etc/ldap/schema/hdb.schema


pidfile         /var/run/slapd/slapd.pid

argsfile        /var/run/slapd/slapd.args

loglevel 256

idletimeout 600
threads 8

modulepath    /usr/lib/ldap
moduleload    back_hdb
moduleload    memberof
moduleload    dynlist
moduleload    back_ldap
moduleload      translucent

TLSCertificateFile /etc/ssl/certs/ldap.fct.unl.pt-2010-01-12.crt
TLSCertificateKeyFile /etc/ssl/certs/ldap.fct.unl.pt-2010-01-12.key
TLSCACertificateFile /etc/ssl/certs/ca-bundle.crt

backend        ldap
sizelimit 100
timelimit unlimited

include /etc/ldap/cdstaff.conf

database        hdb

suffix        "dc=unl,dc=pt"

rootdn cn=cdstaff,dc=unl,dc=pt

directory       "/var/lib/ldap/dc=unl,dc=pt"

lastmod        on

include /etc/ldap/acls.conf

access to attrs=userPassword,sambaLMPassword,sambaNTPassword
                 by dn.regex="cn=cpdunl,dc=unl,dc=pt" write
                 by dn.regex="cn=readercpdunl,dc=unl,dc=pt" read
         by dn.regex="cn=cdstaff,dc=unl,dc=pt" write
                 by self read
                 by anonymous auth
                 by * none

access to *
                 by dn.regex="cn=cpdunl,dc=unl,dc=pt" write
         by dn.regex="cn=cdstaff,dc=unl,dc=pt" write
                 by * read


index    entryCSN eq
index    entryUUID eq
index    objectClass eq
index    uniqueIdentifier eq
index    displayName eq
index    uidNumber eq
index    gidNumber eq
index    title eq
index    uid eq,pres,sub,subinitial,subany,subfinal
index    member eq,pres
index    memberOf eq,pres
index    cn eq,sub,subinitial

index    sambaSID eq,pres,sub
index    sambaPrimaryGroupSID eq,pres
index    sambaSIDList eq,pres
index    sambaGroupType eq
index    memberUid eq
index    uniqueMember eq
index    sambaDomainName eq,pres

index           qmailUID eq
index        qmailGID eq
index        accountStatus eq
index        modifytimestamp eq
index        mailForwardingAddress eq
index           mail pres,eq,approx,sub
index           mailAlternateAddress pres,eq,approx,sub
index           mailHost pres,eq

index           radiusGroupName eq

index           sudoUser eq

index   krb5PrincipalName       eq

overlay translucent
uri "ldap://ldap1.fct.unl.pt ldap://ldap2.fct.unl.pt";
acl-bind binddn="cn=readercpdunl,dc=unl,dc=pt" credentials="h2qev49%71"
translucent_strict

translucent_local    sambaAcctFlags,sambaAlgorithmicRidBase,sambaBadPasswordCount,sambaBadPasswordTime,sambaDomainName,sambaGroupType,sambaHomeDrive,sambaHomePath,sambaKickoffTime,sambaLogoffTime,sambaLogonHours,sambaLogonScript,sambaLogonTime,sambaMungedDial,sambaNextGroupRid,sambaNextRid,sambaNextUserRid,sambaPasswordHistory,sambaPrimaryGroupSID,sambaProfilePath,sambaPwdCanChange,sambaPwdLastSet,sambaPwdMustChange,sambaSID,sambaSIDList,sambaUserWorkstations


--- snip ---



That /etc/ldap/cdstaff.conf file contains the definitions of several 
local databases, which use no other overlays or special configuration. 
Its content is

--- snip ---

database    hdb
suffix        "sambaDomainName=STAFF,dc=fct,dc=unl,dc=pt"
rootdn        "cn=cdstaff,dc=unl,dc=pt"
directory    "/var/lib/ldap/sambaDomainName=STAFF,dc=fct,dc=unl,dc=pt"
index        objectClass,sambaSID,sambaDomainName,uid,uidNumber,gidNumber,sambaPrimaryGroupSID,sambaSIDList,sambaGroupType,displayName,cn eq
lastmod        on
access to dn.base="sambaDomainName=STAFF,dc=fct,dc=unl,dc=pt" by * read
access to *
         by dn="cn=cpdunl,dc=unl,dc=pt" write
     by dn="cn=readercpdunl,dc=unl,dc=pt" write
     by dn="cn=cdstaff,dc=unl,dc=pt" write
         by * read
subordinate


database    hdb
suffix        "ou=machines,dc=fct,dc=unl,dc=pt"
rootdn        "cn=cdstaff,dc=unl,dc=pt"
directory    "/var/lib/ldap/ou=machines,dc=fct,dc=unl,dc=pt"
index        objectClass,sambaSID,uid,uidNumber,gidNumber,sambaPrimaryGroupSID,sambaSIDList,sambaGroupType,displayName,cn eq
lastmod        on
access to dn.base="ou=machines,dc=fct,dc=unl,dc=pt"
     by * read
access to *
         by dn="cn=cpdunl,dc=unl,dc=pt" write
     by dn="cn=readercpdunl,dc=unl,dc=pt" write
     by dn="cn=cdstaff,dc=unl,dc=pt" write
         by * read
subordinate


database    hdb
suffix        "cn=Administrator,ou=agentes,dc=fct,dc=unl,dc=pt"
rootdn        "cn=cdstaff,dc=unl,dc=pt"
directory    "/var/lib/ldap/cn=Administrator,ou=agentes,dc=fct,dc=unl,dc=pt"
index        objectClass,sambaSID,uid,uidNumber,gidNumber,sambaPrimaryGroupSID,sambaSIDList,sambaGroupType,displayName,cn eq
lastmod        on
access to dn.base="cn=Administrator,ou=agentes,dc=fct,dc=unl,dc=pt"
     by * read
access to *
         by dn="cn=cpdunl,dc=unl,dc=pt" write
     by dn="cn=readercpdunl,dc=unl,dc=pt" write
     by dn="cn=cdstaff,dc=unl,dc=pt" write
         by * read
subordinate


database    hdb
suffix        "cn=Domain Admins,ou=grupos,dc=fct,dc=unl,dc=pt"
rootdn        "cn=cdstaff,dc=unl,dc=pt"
directory    "/var/lib/ldap/cn=Domain Admins,ou=grupos,dc=fct,dc=unl,dc=pt"
index        objectClass,sambaSID,uid,uidNumber,gidNumber,sambaPrimaryGroupSID,sambaSIDList,sambaGroupType,displayName,cn eq
lastmod        on
access to dn.base="cn=Domain Admins,ou=grupos,dc=fct,dc=unl,dc=pt"
     by * read
access to *
         by dn="cn=cpdunl,dc=unl,dc=pt" write
     by dn="cn=readercpdunl,dc=unl,dc=pt" write
     by dn="cn=cdstaff,dc=unl,dc=pt" write
         by * read
subordinate


database    hdb
suffix        "cn=Domain Users,ou=grupos,dc=fct,dc=unl,dc=pt"
rootdn        "cn=cdstaff,dc=unl,dc=pt"
directory    "/var/lib/ldap/cn=Domain Users,ou=grupos,dc=fct,dc=unl,dc=pt"
index        objectClass,sambaSID,uid,uidNumber,gidNumber,sambaPrimaryGroupSID,sambaSIDList,sambaGroupType,displayName,cn eq
lastmod        on
access to dn.base=""
     by * read
access to *
     by dn="cn=cpdunl,dc=unl,dc=pt" write
     by dn="cn=readercpdunl,dc=unl,dc=pt" write
     by dn="cn=cdstaff,dc=unl,dc=pt" write
     by * read
subordinate


database    hdb
suffix        "cn=Domain Guests,ou=grupos,dc=fct,dc=unl,dc=pt"
rootdn        "cn=cdstaff,dc=unl,dc=pt"
directory    "/var/lib/ldap/cn=Domain Guests,ou=grupos,dc=fct,dc=unl,dc=pt"
index        objectClass,sambaSID,uid,uidNumber,gidNumber,sambaPrimaryGroupSID,sambaSIDList,sambaGroupType,displayName,cn eq
lastmod        on
access to dn.base=""
     by * read
access to *
     by dn="cn=cpdunl,dc=unl,dc=pt" write
     by dn="cn=readercpdunl,dc=unl,dc=pt" write
     by dn="cn=cdstaff,dc=unl,dc=pt" write
     by * read
subordinate


database        hdb
suffix          "cn=Domain Computers,ou=grupos,dc=fct,dc=unl,dc=pt"
rootdn        "cn=cdstaff,dc=unl,dc=pt"
directory    "/var/lib/ldap/cn=Domain Computers,ou=grupos,dc=fct,dc=unl,dc=pt"
index           objectClass,sambaSID,uid,uidNumber,gidNumber,sambaPrimaryGroupSID,sambaSIDList,sambaGroupType,displayName,cn eq
lastmod         on
access to dn.base="cn=Domain Computers,ou=grupos,dc=fct,dc=unl,dc=pt"
     by * read
access to *
     by dn="cn=cpdunl,dc=unl,dc=pt" write
     by dn="cn=readercpdunl,dc=unl,dc=pt" write
     by dn="cn=cdstaff,dc=unl,dc=pt" write
     by * read
subordinate


database    hdb
suffix        "cn=Administrators,ou=grupos,dc=fct,dc=unl,dc=pt"
rootdn        "cn=cdstaff,dc=unl,dc=pt"
directory    "/var/lib/ldap/cn=Administrators,ou=grupos,dc=fct,dc=unl,dc=pt"
index        objectClass,sambaSID,uid,uidNumber,gidNumber,sambaPrimaryGroupSID,sambaSIDList,sambaGroupType,displayName,cn eq
lastmod         on
access to dn.base="cn=Domain Guests,ou=grupos,dc=fct,dc=unl,dc=pt"
     by * read
access to *
     by dn="cn=cpdunl,dc=unl,dc=pt" write
     by dn="cn=readercpdunl,dc=unl,dc=pt" write
     by dn="cn=cdstaff,dc=unl,dc=pt" write
     by * read
subordinate


database        hdb
suffix          "cn=Users,ou=grupos,dc=fct,dc=unl,dc=pt"
rootdn        "cn=cdstaff,dc=unl,dc=pt"
directory    "/var/lib/ldap/cn=Users,ou=grupos,dc=fct,dc=unl,dc=pt"
index        objectClass,sambaSID,uid,uidNumber,gidNumber,sambaPrimaryGroupSID,sambaSIDList,sambaGroupType,displayName,cn eq
lastmod        on
access to dn.base=""
     by * read
access to *
     by dn="cn=cpdunl,dc=unl,dc=pt" write
     by dn="cn=readercpdunl,dc=unl,dc=pt" write
     by dn="cn=cdstaff,dc=unl,dc=pt" write
     by * read
subordinate


database        hdb
suffix          "cn=Guests,ou=grupos,dc=fct,dc=unl,dc=pt"
rootdn        "cn=cdstaff,dc=unl,dc=pt"
directory    "/var/lib/ldap/cn=Guests,ou=grupos,dc=fct,dc=unl,dc=pt"
index        objectClass,sambaSID,uid,uidNumber,gidNumber,sambaPrimaryGroupSID,sambaSIDList,sambaGroupType,displayName,cn eq
lastmod        on
access to dn.base=""
     by * read
access to *
     by dn="cn=cpdunl,dc=unl,dc=pt" write
     by dn="cn=readercpdunl,dc=unl,dc=pt" write
     by dn="cn=cdstaff,dc=unl,dc=pt" write
     by * read
subordinate


database        hdb
suffix          "cn=Account Operators,ou=grupos,dc=fct,dc=unl,dc=pt"
rootdn        "cn=cdstaff,dc=unl,dc=pt"
directory    "/var/lib/ldap/cn=Account Operators,ou=grupos,dc=fct,dc=unl,dc=pt"
index        objectClass,sambaSID,uid,uidNumber,gidNumber,sambaPrimaryGroupSID,sambaSIDList,sambaGroupType,displayName,cn eq
lastmod        on
access to dn.base=""
     by * read
access to *
     by dn="cn=cpdunl,dc=unl,dc=pt" write
     by dn="cn=readercpdunl,dc=unl,dc=pt" write
     by dn="cn=cdstaff,dc=unl,dc=pt" write
     by * read
subordinate


database        hdb
suffix          "cn=Print Operators,ou=grupos,dc=fct,dc=unl,dc=pt"
rootdn        "cn=cdstaff,dc=unl,dc=pt"
directory    "/var/lib/ldap/cn=Print Operators,ou=grupos,dc=fct,dc=unl,dc=pt"
index        objectClass,sambaSID,uid,uidNumber,gidNumber,sambaPrimaryGroupSID,sambaSIDList,sambaGroupType,displayName,cn eq
lastmod        on
access to dn.base=""
     by * read
access to *
     by dn="cn=cpdunl,dc=unl,dc=pt" write
     by dn="cn=readercpdunl,dc=unl,dc=pt" write
     by dn="cn=cdstaff,dc=unl,dc=pt" write
     by * read
subordinate


database        hdb
suffix          "cn=Backup Operators,ou=grupos,dc=fct,dc=unl,dc=pt"
rootdn        "cn=cdstaff,dc=unl,dc=pt"
directory    "/var/lib/ldap/cn=Backup Operators,ou=grupos,dc=fct,dc=unl,dc=pt"
index        objectClass,sambaSID,uid,uidNumber,gidNumber,sambaPrimaryGroupSID,sambaSIDList,sambaGroupType,displayName,cn eq
lastmod        on
access to dn.base=""
     by * read
access to *
     by dn="cn=cpdunl,dc=unl,dc=pt" write
     by dn="cn=readercpdunl,dc=unl,dc=pt" write
     by dn="cn=cdstaff,dc=unl,dc=pt" write
     by * read
subordinate


database        hdb
suffix          "cn=Replicators,ou=grupos,dc=fct,dc=unl,dc=pt"
rootdn        "cn=cdstaff,dc=unl,dc=pt"
directory    "/var/lib/ldap/cn=Replicators,ou=grupos,dc=fct,dc=unl,dc=pt"
index        objectClass,sambaSID,uid,uidNumber,gidNumber,sambaPrimaryGroupSID,sambaSIDList,sambaGroupType,displayName,cn eq
lastmod        on
access to dn.base=""
     by * read
access to *
     by dn="cn=cpdunl,dc=unl,dc=pt" write
     by dn="cn=readercpdunl,dc=unl,dc=pt" write
     by dn="cn=cdstaff,dc=unl,dc=pt" write
     by * read
subordinate

--- snip ---


Some entry examples follow

On the central LDAP infrastructure:

hm@DIVINF-PC15:~$ ldapsearch -b "ou=agentes,dc=fct,dc=unl,dc=pt" -x -h ldap.fct.unl.pt "uid=hmmm" -LL
version: 1

dn: uniqueIdentifier=15093,ou=agentes,dc=fct,dc=unl,dc=pt
mailQuotaSize: 10737418240
radiusGroupName: Adm
deliveryMode: noreply
mailReplyText:: TWVuc2FnZW0gZGUgYXV0by1yZXBseSBwYXJhIHRlc3RlLg0K
uid: hmmm
gidNumber: 1000
homeDirectory: /home/agentes/15093
loginShell: /bin/customshell
givenName: Hugo
sn: Monteiro
gecos: Hugo Miguel Marques Monteiro
cn: Hugo Monteiro
displayName: Hugo Monteiro
uidNumber: 15093
objectClass: top
objectClass: uidObject
objectClass: agenteUNL
objectClass: shadowAccount
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaSamAccount
objectClass: krb5Principal
objectClass: krb5KDCEntry
objectClass: qmailUser
objectClass: radiusprofile
uniqueIdentifier: 15093
title: Trabalhador FCT
title: Aluno LEI-FCT
accountStatus: active
mailHost: mailstrg2.ci.fct.unl.pt
qmailGID: 1000
qmailUID: 15093
mail: hmmm@fct.unl.pt
mailAlternateAddress: hmmm@students.fct.unl.pt
mailAlternateAddress: hugo.monteiro@fct.unl.pt
mailForwardingAddress: fctunl-teste@fct.unl.pt
krb5KDCFlags: 126
krb5PrincipalName: hmmm@FCT.UNL.PT
sambaSID: S-1-5-21-588362536-2687990616-3095848848-30186
sambaPrimaryGroupSID: S-1-5-21-588362536-2687990616-3095848848-513
sambaHomeDrive: H:
sambaLogonScript: logon.bat
sambaAcctFlags: [UX         ]
sambaPwdLastSet: 1317217397
krb5KeyVersionNumber: 11


That same entry after translucent


hm@DIVINF-PC15:~$ ldapsearch -b "ou=agentes,dc=fct,dc=unl,dc=pt" -x -h cdstaff.fct.unl.pt "uid=hmmm" -LL
version: 1

dn: uniqueIdentifier=15093,ou=agentes,dc=fct,dc=unl,dc=pt
mailQuotaSize: 10737418240
radiusGroupName: Adm
deliveryMode: noreply
mailReplyText:: TWVuc2FnZW0gZGUgYXV0by1yZXBseSBwYXJhIHRlc3RlLg0K
uid: hmmm
gidNumber: 1000
homeDirectory: /home/agentes/15093
loginShell: /bin/customshell
givenName: Hugo
sn: Monteiro
gecos: Hugo Miguel Marques Monteiro
cn: Hugo Monteiro
displayName: Hugo Monteiro
uidNumber: 15093
objectClass: top
objectClass: uidObject
objectClass: agenteUNL
objectClass: shadowAccount
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaSamAccount
objectClass: qmailUser
objectClass: radiusprofile
objectClass: krb5Principal
objectClass: krb5KDCEntry
uniqueIdentifier: 15093
title: Trabalhador FCT
title: Aluno LEI-FCT
accountStatus: active
mailHost: mailstrg2.ci.fct.unl.pt
qmailGID: 1000
qmailUID: 15093
mail: hmmm@fct.unl.pt
mailAlternateAddress: hmmm@students.fct.unl.pt
mailAlternateAddress: hugo.monteiro@fct.unl.pt
mailForwardingAddress: fctunl-teste@fct.unl.pt
krb5KDCFlags: 126
krb5PrincipalName: hmmm@FCT.UNL.PT
sambaSID: S-1-5-21-1327543176-3185848629-1254536839-31186
sambaPrimaryGroupSID: S-1-5-21-1327543176-3185848629-1254536839-513
sambaHomeDrive: H:
sambaLogonScript: logon.bat
sambaAcctFlags: [UX         ]
sambaPwdLastSet: 1317217397
krb5KeyVersionNumber: 11


And finally just the local part to the problematic server

dn: uniqueIdentifier=15093,ou=agentes,dc=fct,dc=unl,dc=pt
uidNumber: 15093
sambaSID: S-1-5-21-1327543176-3185848629-1254536839-31186
sambaHomeDrive: H:
sambaLogonScript: logon.bat
sambaAcctFlags: [UX         ]
sambaPrimaryGroupSID: S-1-5-21-1327543176-3185848629-1254536839-513


We noticed that the crash would also happen if the query was like 
(&(uid=*)(objectClass=sambaSamAccount)), BUT it does not happen every 
time. Happens mostly when there is more usage, but nothing like high 
loads or anything. We've had problems every morning, around 9am, when 
everyone would login to their workstation. I then gave the VM more 
resources and since 2 days ago there has been no problem (so far).

I would love to be able to help a bit more, perhaps with a core file, 
but I'm really lacking time atm. I will try to provide a core in a 
couple of days or so. Let me know if there is any special way to collect 
the information you need.

Best regards,

Hugo Monteiro.

-- 
fct.unl.pt:~# cat .signature

Hugo Monteiro
Email	 : hugo.monteiro@fct.unl.pt
Telefone : +351 212948300 Ext.15307
Web      : http://hmonteiro.net

Divisão de Informática
Faculdade de Ciências e Tecnologia da
		   Universidade Nova de Lisboa
Quinta da Torre   2829-516 Caparica   Portugal
Telefone: +351 212948596   Fax: +351 212948548
www.fct.unl.pt                apoio@fct.unl.pt

fct.unl.pt:~# _
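
The three entries quoted in the message show the translucent overlay answering with the locally stored sambaSID and sambaPrimaryGroupSID in place of the values held on the central servers. The following is an added example, not part of the original message: it parses trimmed copies of those entries and reports which attributes the local database overrides. The function names are illustrative, and the merge rule (local values replace remote ones per attribute) is an assumption taken from what the quoted entries show.

```python
import base64

# Trimmed copies of the entries quoted in the message (a few attributes each).
REMOTE = """\
dn: uniqueIdentifier=15093,ou=agentes,dc=fct,dc=unl,dc=pt
uid: hmmm
uidNumber: 15093
mailReplyText:: TWVuc2FnZW0gZGUgYXV0by1yZXBseSBwYXJhIHRlc3RlLg0K
sambaSID: S-1-5-21-588362536-2687990616-3095848848-30186
sambaPrimaryGroupSID: S-1-5-21-588362536-2687990616-3095848848-513
sambaHomeDrive: H:
"""
LOCAL = """\
dn: uniqueIdentifier=15093,ou=agentes,dc=fct,dc=unl,dc=pt
uidNumber: 15093
sambaSID: S-1-5-21-1327543176-3185848629-1254536839-31186
sambaPrimaryGroupSID: S-1-5-21-1327543176-3185848629-1254536839-513
sambaHomeDrive: H:
"""

def parse_ldif_entry(text):
    """Parse one LDIF entry into {lowercased attribute: set of values}."""
    entry = {}
    unfolded = text.replace("\n ", "")        # LDIF folds long lines with "\n "
    for line in unfolded.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):             # "attr:: ..." carries base64
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        entry.setdefault(attr.strip().lower(), set()).add(value.strip())
    return entry

def translucent_view(remote, local):
    """Merged entry a client should see: local attributes replace remote ones."""
    return {**remote, **local}

def overridden(remote, local):
    """Local attributes whose values differ from what the remote server holds."""
    return sorted(a for a, vals in local.items() if remote.get(a) != vals)

if __name__ == "__main__":
    remote, local = parse_ldif_entry(REMOTE), parse_ldif_entry(LOCAL)
    print("overridden locally:", overridden(remote, local))
    print("sambaSID seen by clients:", translucent_view(remote, local)["sambasid"])
```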