[Date Prev][Date Next] [Chronological] [Thread] [Top]

slapd-passwd backend problems

Hi all,

I'm attempting to set up a very simple passwd database backed slapd instance and can't seem to make it work reliably. A number of hours on google and experimenting with options has not been fruitful so far.

I'm running openldap 2.4.10 on FreeBSD 7.0


My slapd.conf looks like this:

##############################################
include         /usr/local/etc/openldap/schema/core.schema
loglevel        conns filter stats
pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args
modulepath      /usr/local/libexec/openldap
moduleload      back_passwd
moduleload      back_monitor

access to *
  by anonymous read

database        passwd
readonly        yes
suffix          "dc=example,dc=com"
rootdn          "cn=root,dc=example,dc=com"
rootpw          <passwod>

database monitor
##############################################

I am able to successfully start slapd and I can successfully query for a user by running the following command on the server itself:

ldapsearch -x -H ldap://127.0.0.1 -b 'dc=example,dc=com' 'uid=test'

which correctly returns the following details about the test user already in the system's passwd database:


##############################################
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> with scope subtree
# filter: uid=test
# requesting: ALL
#

# test, example.com
dn: uid=test,dc=example,dc=com
objectClass: person
objectClass: uidObject
uid: test
cn: test
cn: Testy McTest
sn: test
sn: McTest
description: Testy McTest

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
##############################################


However, attempting an identical, additional query after the first one results in an empty search being returned:


##############################################
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> with scope subtree
# filter: uid=test
# requesting: ALL
#

# search result
search: 2
result: 0 Success

# numResponses: 1
##############################################


I have experimented with many different options in slapd.conf and have not found anything that is able to mitigate this behaviour. The only way I have found to make an additional query work successfully is to restart slapd. After a restart, I can successfully make a single query again and then it stops returning a query result.

The debugging output from slapd when a query is successful looks like this:

##############################################
Jun 16 13:19:29 newtcp8 slapd[11410]: daemon: activity on 1 descriptor
Jun 16 13:19:29 newtcp8 slapd[11410]: daemon: select: listen=6 active_threads=0 tvp=NULL
Jun 16 13:19:29 newtcp8 slapd[11410]: daemon: select: listen=7 active_threads=0 tvp=NULL
Jun 16 13:19:29 newtcp8 slapd[11410]: daemon: activity on 1 descriptor
Jun 16 13:19:29 newtcp8 slapd[11410]: daemon: waked
Jun 16 13:19:29 newtcp8 slapd[11410]: daemon: select: listen=6 active_threads=0 tvp=NULL
Jun 16 13:19:29 newtcp8 slapd[11410]: daemon: select: listen=7 active_threads=0 tvp=NULL
Jun 16 13:19:29 newtcp8 slapd[11410]: daemon: listen=7, new connection on 8
Jun 16 13:19:29 newtcp8 slapd[11410]: daemon: added 8r (active) listener=0x0
Jun 16 13:19:29 newtcp8 slapd[11410]: conn=0 fd=8 ACCEPT from IP=127.0.0.1:59836 (IP=0.0.0.0:389)
Jun 16 13:19:29 newtcp8 slapd[11410]: daemon: activity on 1 descriptor
Jun 16 13:19:29 newtcp8 slapd[11410]: daemon: waked
Jun 16 13:19:29 newtcp8 slapd[11410]: daemon: select: listen=6 active_threads=0 tvp=NULL
Jun 16 13:19:29 newtcp8 slapd[11410]: daemon: select: listen=7 active_threads=0 tvp=NULL
Jun 16 13:19:29 newtcp8 slapd[11410]: daemon: activity on 1 descriptor
Jun 16 13:19:29 newtcp8 slapd[11410]: daemon: activity on:
Jun 16 13:19:29 newtcp8 slapd[11410]: 8r
Jun 16 13:19:29 newtcp8 slapd[11410]:
Jun 16 13:19:29 newtcp8 slapd[11410]: daemon: read activity on 8
Jun 16 13:19:29 newtcp8 slapd[11410]: daemon: select: listen=6 active_threads=0 tvp=NULL
Jun 16 13:19:29 newtcp8 slapd[11410]: daemon: select: listen=7 active_threads=0 tvp=NULL
Jun 16 13:19:29 newtcp8 slapd[11410]: daemon: activity on 1 descriptor
Jun 16 13:19:29 newtcp8 slapd[11410]: daemon: waked
Jun 16 13:19:29 newtcp8 slapd[11410]: daemon: select: listen=6 active_threads=0 tvp=NULL
Jun 16 13:19:29 newtcp8 slapd[11410]: daemon: select: listen=7 active_threads=0 tvp=NULL
Jun 16 13:19:29 newtcp8 slapd[11410]: conn=0 op=0 BIND dn="" method=128
Jun 16 13:19:29 newtcp8 slapd[11410]: conn=0 op=0 RESULT tag=97 err=0 text=
Jun 16 13:19:29 newtcp8 slapd[11410]: daemon: activity on 1 descriptor
Jun 16 13:19:29 newtcp8 slapd[11410]: daemon: activity on:
Jun 16 13:19:29 newtcp8 slapd[11410]: 8r
Jun 16 13:19:29 newtcp8 slapd[11410]:
Jun 16 13:19:29 newtcp8 slapd[11410]: daemon: read activity on 8
Jun 16 13:19:29 newtcp8 slapd[11410]: daemon: select: listen=6 active_threads=0 tvp=NULL
Jun 16 13:19:29 newtcp8 slapd[11410]: daemon: select: listen=7 active_threads=0 tvp=NULL
Jun 16 13:19:29 newtcp8 slapd[11410]: daemon: activity on 1 descriptor
Jun 16 13:19:29 newtcp8 slapd[11410]: daemon: waked
Jun 16 13:19:29 newtcp8 slapd[11410]: daemon: select: listen=6 active_threads=0 tvp=NULL
Jun 16 13:19:29 newtcp8 slapd[11410]: daemon: select: listen=7 active_threads=0 tvp=NULL
Jun 16 13:19:29 newtcp8 slapd[11410]: begin get_filter
Jun 16 13:19:29 newtcp8 slapd[11410]: EQUALITY
Jun 16 13:19:29 newtcp8 slapd[11410]: end get_filter 0
Jun 16 13:19:29 newtcp8 slapd[11410]: conn=0 op=1 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(uid=test)"
Jun 16 13:19:29 newtcp8 slapd[11410]: => test_filter
Jun 16 13:19:29 newtcp8 slapd[11410]: EQUALITY
Jun 16 13:19:29 newtcp8 slapd[11410]: <= test_filter 5
Jun 16 13:19:29 newtcp8 slapd[11410]: => test_filter
Jun 16 13:19:29 newtcp8 slapd[11410]: EQUALITY
Jun 16 13:19:29 newtcp8 slapd[11410]: <= test_filter 5
Jun 16 13:19:29 newtcp8 slapd[11410]: => test_filter
Jun 16 13:19:29 newtcp8 slapd[11410]: EQUALITY
Jun 16 13:19:29 newtcp8 slapd[11410]: <= test_filter 5
Jun 16 13:19:29 newtcp8 slapd[11410]: => test_filter
Jun 16 13:19:29 newtcp8 slapd[11410]: EQUALITY
Jun 16 13:19:29 newtcp8 slapd[11410]: <= test_filter 5
Jun 16 13:19:29 newtcp8 slapd[11410]: => test_filter
Jun 16 13:19:29 newtcp8 slapd[11410]: EQUALITY
Jun 16 13:19:29 newtcp8 slapd[11410]: <= test_filter 5
Jun 16 13:19:29 newtcp8 slapd[11410]: => test_filter
Jun 16 13:19:29 newtcp8 slapd[11410]: EQUALITY
Jun 16 13:19:29 newtcp8 slapd[11410]: <= test_filter 5
Jun 16 13:19:29 newtcp8 slapd[11410]: => test_filter
Jun 16 13:19:29 newtcp8 slapd[11410]: EQUALITY
Jun 16 13:19:29 newtcp8 slapd[11410]: <= test_filter 5
Jun 16 13:19:29 newtcp8 slapd[11410]: => test_filter
Jun 16 13:19:29 newtcp8 slapd[11410]: EQUALITY
Jun 16 13:19:29 newtcp8 slapd[11410]: <= test_filter 5
Jun 16 13:19:29 newtcp8 slapd[11410]: => test_filter
Jun 16 13:19:29 newtcp8 slapd[11410]: EQUALITY
Jun 16 13:19:29 newtcp8 slapd[11410]: <= test_filter 5
Jun 16 13:19:29 newtcp8 slapd[11410]: => test_filter
Jun 16 13:19:29 newtcp8 slapd[11410]: EQUALITY
Jun 16 13:19:29 newtcp8 slapd[11410]: <= test_filter 5
Jun 16 13:19:29 newtcp8 slapd[11410]: => test_filter
Jun 16 13:19:29 newtcp8 slapd[11410]: EQUALITY
Jun 16 13:19:29 newtcp8 slapd[11410]: <= test_filter 5
Jun 16 13:19:29 newtcp8 slapd[11410]: => test_filter
Jun 16 13:19:29 newtcp8 slapd[11410]: EQUALITY
Jun 16 13:19:29 newtcp8 slapd[11410]: <= test_filter 5
Jun 16 13:19:29 newtcp8 slapd[11410]: => test_filter
Jun 16 13:19:29 newtcp8 slapd[11410]: EQUALITY
Jun 16 13:19:29 newtcp8 slapd[11410]: <= test_filter 5
Jun 16 13:19:29 newtcp8 slapd[11410]: => test_filter
Jun 16 13:19:29 newtcp8 slapd[11410]: EQUALITY
Jun 16 13:19:29 newtcp8 slapd[11410]: <= test_filter 5
Jun 16 13:19:29 newtcp8 slapd[11410]: => test_filter
Jun 16 13:19:29 newtcp8 slapd[11410]: EQUALITY
Jun 16 13:19:29 newtcp8 slapd[11410]: <= test_filter 5
Jun 16 13:19:29 newtcp8 slapd[11410]: => test_filter
Jun 16 13:19:29 newtcp8 slapd[11410]: EQUALITY
Jun 16 13:19:29 newtcp8 slapd[11410]: <= test_filter 5
Jun 16 13:19:29 newtcp8 slapd[11410]: => test_filter
Jun 16 13:19:29 newtcp8 slapd[11410]: EQUALITY
Jun 16 13:19:29 newtcp8 slapd[11410]: <= test_filter 5
Jun 16 13:19:29 newtcp8 slapd[11410]: => test_filter
Jun 16 13:19:29 newtcp8 slapd[11410]: EQUALITY
Jun 16 13:19:29 newtcp8 slapd[11410]: <= test_filter 5
Jun 16 13:19:29 newtcp8 slapd[11410]: => test_filter
Jun 16 13:19:29 newtcp8 slapd[11410]: EQUALITY
Jun 16 13:19:29 newtcp8 slapd[11410]: <= test_filter 5
Jun 16 13:19:29 newtcp8 slapd[11410]: => test_filter
Jun 16 13:19:29 newtcp8 slapd[11410]: EQUALITY
Jun 16 13:19:29 newtcp8 slapd[11410]: <= test_filter 5
Jun 16 13:19:29 newtcp8 slapd[11410]: => test_filter
Jun 16 13:19:29 newtcp8 slapd[11410]: EQUALITY
Jun 16 13:19:29 newtcp8 slapd[11410]: <= test_filter 5
Jun 16 13:19:29 newtcp8 slapd[11410]: => test_filter
Jun 16 13:19:29 newtcp8 slapd[11410]: EQUALITY
Jun 16 13:19:29 newtcp8 slapd[11410]: <= test_filter 5
Jun 16 13:19:29 newtcp8 slapd[11410]: => test_filter
Jun 16 13:19:29 newtcp8 slapd[11410]: EQUALITY
Jun 16 13:19:29 newtcp8 slapd[11410]: <= test_filter 5
Jun 16 13:19:29 newtcp8 slapd[11410]: => test_filter
Jun 16 13:19:29 newtcp8 slapd[11410]: EQUALITY
Jun 16 13:19:29 newtcp8 slapd[11410]: <= test_filter 5
Jun 16 13:19:29 newtcp8 slapd[11410]: => test_filter
Jun 16 13:19:29 newtcp8 slapd[11410]: EQUALITY
Jun 16 13:19:29 newtcp8 slapd[11410]: <= test_filter 6
Jun 16 13:19:29 newtcp8 slapd[11410]: conn=0 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jun 16 13:19:29 newtcp8 slapd[11410]: daemon: activity on 1 descriptor
Jun 16 13:19:29 newtcp8 slapd[11410]: daemon: activity on:
Jun 16 13:19:29 newtcp8 slapd[11410]: 8r
Jun 16 13:19:29 newtcp8 slapd[11410]:
Jun 16 13:19:29 newtcp8 slapd[11410]: daemon: read activity on 8
Jun 16 13:19:29 newtcp8 slapd[11410]: daemon: select: listen=6 active_threads=0 tvp=NULL
Jun 16 13:19:29 newtcp8 slapd[11410]: daemon: select: listen=7 active_threads=0 tvp=NULL
Jun 16 13:19:29 newtcp8 slapd[11410]: connection_read(8): input error=-2 id=0, closing.
Jun 16 13:19:29 newtcp8 slapd[11410]: conn=0 op=2 UNBIND
Jun 16 13:19:29 newtcp8 slapd[11410]: daemon: removing 8
Jun 16 13:19:29 newtcp8 slapd[11410]: conn=0 fd=8 closed
Jun 16 13:19:29 newtcp8 slapd[11410]: daemon: activity on 1 descriptor
Jun 16 13:19:29 newtcp8 slapd[11410]: daemon: waked
Jun 16 13:19:29 newtcp8 slapd[11410]: daemon: select: listen=6 active_threads=0 tvp=NULL
Jun 16 13:19:29 newtcp8 slapd[11410]: daemon: select: listen=7 active_threads=0 tvp=NULL
##############################################

and for an unsuccessful query looks like this:

##############################################
Jun 16 13:22:21 newtcp8 slapd[11410]: daemon: activity on 1 descriptor
Jun 16 13:22:21 newtcp8 slapd[11410]: daemon: select: listen=6 active_threads=0 tvp=NULL
Jun 16 13:22:21 newtcp8 slapd[11410]: daemon: select: listen=7 busy
Jun 16 13:22:21 newtcp8 slapd[11410]: daemon: listen=7, new connection on 8
Jun 16 13:22:21 newtcp8 slapd[11410]: daemon: added 8r (active) listener=0x0
Jun 16 13:22:21 newtcp8 slapd[11410]: conn=1 fd=8 ACCEPT from IP=127.0.0.1:64362 (IP=0.0.0.0:389)
Jun 16 13:22:21 newtcp8 slapd[11410]: daemon: activity on 1 descriptor
Jun 16 13:22:21 newtcp8 slapd[11410]: daemon: waked
Jun 16 13:22:21 newtcp8 slapd[11410]: daemon: select: listen=6 active_threads=0 tvp=NULL
Jun 16 13:22:21 newtcp8 slapd[11410]: daemon: select: listen=7 active_threads=0 tvp=NULL
Jun 16 13:22:21 newtcp8 slapd[11410]: daemon: activity on 1 descriptor
Jun 16 13:22:21 newtcp8 slapd[11410]: daemon: activity on:
Jun 16 13:22:21 newtcp8 slapd[11410]: 8r
Jun 16 13:22:21 newtcp8 slapd[11410]:
Jun 16 13:22:21 newtcp8 slapd[11410]: daemon: read activity on 8
Jun 16 13:22:21 newtcp8 slapd[11410]: daemon: select: listen=6 active_threads=0 tvp=NULL
Jun 16 13:22:21 newtcp8 slapd[11410]: daemon: select: listen=7 active_threads=0 tvp=NULL
Jun 16 13:22:21 newtcp8 slapd[11410]: conn=1 op=0 BIND dn="" method=128
Jun 16 13:22:21 newtcp8 slapd[11410]: conn=1 op=0 RESULT tag=97 err=0 text=
Jun 16 13:22:21 newtcp8 slapd[11410]: daemon: activity on 1 descriptor
Jun 16 13:22:21 newtcp8 slapd[11410]: daemon: waked
Jun 16 13:22:21 newtcp8 slapd[11410]: daemon: select: listen=6 active_threads=0 tvp=NULL
Jun 16 13:22:21 newtcp8 slapd[11410]: daemon: select: listen=7 active_threads=0 tvp=NULL
Jun 16 13:22:21 newtcp8 slapd[11410]: daemon: activity on 1 descriptor
Jun 16 13:22:21 newtcp8 slapd[11410]: daemon: activity on:
Jun 16 13:22:21 newtcp8 slapd[11410]: 8r
Jun 16 13:22:21 newtcp8 slapd[11410]:
Jun 16 13:22:21 newtcp8 slapd[11410]: daemon: read activity on 8
Jun 16 13:22:21 newtcp8 slapd[11410]: daemon: select: listen=6 active_threads=0 tvp=NULL
Jun 16 13:22:21 newtcp8 slapd[11410]: daemon: select: listen=7 active_threads=0 tvp=NULL
Jun 16 13:22:21 newtcp8 slapd[11410]: begin get_filter
Jun 16 13:22:21 newtcp8 slapd[11410]: EQUALITY
Jun 16 13:22:21 newtcp8 slapd[11410]: end get_filter 0
Jun 16 13:22:21 newtcp8 slapd[11410]: conn=1 op=1 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(uid=test)"
Jun 16 13:22:21 newtcp8 slapd[11410]: => test_filter
Jun 16 13:22:21 newtcp8 slapd[11410]: EQUALITY
Jun 16 13:22:21 newtcp8 slapd[11410]: <= test_filter 5
Jun 16 13:22:21 newtcp8 slapd[11410]: conn=1 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Jun 16 13:22:21 newtcp8 slapd[11410]: daemon: activity on 1 descriptor
Jun 16 13:22:21 newtcp8 slapd[11410]: daemon: waked
Jun 16 13:22:21 newtcp8 slapd[11410]: daemon: select: listen=6 active_threads=0 tvp=NULL
Jun 16 13:22:21 newtcp8 slapd[11410]: daemon: select: listen=7 active_threads=0 tvp=NULL
Jun 16 13:22:21 newtcp8 slapd[11410]: daemon: activity on 1 descriptor
Jun 16 13:22:21 newtcp8 slapd[11410]: daemon: activity on:
Jun 16 13:22:21 newtcp8 slapd[11410]: 8r
Jun 16 13:22:21 newtcp8 slapd[11410]:
Jun 16 13:22:21 newtcp8 slapd[11410]: daemon: read activity on 8
Jun 16 13:22:21 newtcp8 slapd[11410]: daemon: select: listen=6 active_threads=0 tvp=NULL
Jun 16 13:22:21 newtcp8 slapd[11410]: daemon: select: listen=7 active_threads=0 tvp=NULL
Jun 16 13:22:21 newtcp8 slapd[11410]: connection_read(8): input error=-2 id=1, closing.
Jun 16 13:22:21 newtcp8 slapd[11410]: conn=1 op=2 UNBIND
Jun 16 13:22:21 newtcp8 slapd[11410]: daemon: removing 8
Jun 16 13:22:21 newtcp8 slapd[11410]: conn=1 fd=8 closed
Jun 16 13:22:21 newtcp8 slapd[11410]: daemon: activity on 1 descriptor
Jun 16 13:22:21 newtcp8 slapd[11410]: daemon: waked
Jun 16 13:22:21 newtcp8 slapd[11410]: daemon: select: listen=6 active_threads=0 tvp=NULL
Jun 16 13:22:21 newtcp8 slapd[11410]: daemon: select: listen=7 active_threads=0 tvp=NULL
##############################################

I have analysed both sets of debug output and there are no material differences except that the successful query applies a number of equality test operations (indicating it is successfully walking through the entries in the passwd file) where as the failed query only applies 1 equality test. It's like the subsequent queries are not causing a full re-walk of the passwd database to find a match, but that's pure speculation at this point.

Any insights into why the passwd backend might be behaving like this would be greatly appreciated.

Please let me know if additional information or more detailed debugging output would help to diagnose the issue.

Thanks in advance.

Cheers,
Lawrence