Logged in as guest
Viewing Historical/5504 Full headers
Major security issue: yes no
Notes: 2.2 Notification:
Date: Fri, 9 May 2008 17:38:22 GMT From: Javier.Fernandez@cern.ch To: openldap-its@OpenLDAP.org Subject: ldapsearch hangs retrieving info
Full_Name: Javier Fernandez Version: 2.2.13 OS: SL4 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (156.35.192.4) Hi, ldapsearch gets stuck retrieving info and after some minutes the following error message is thrown: ldap_result: Can't contact LDAP server (-1) I'm using: ldapsearch -V ldapsearch: @(#) $OpenLDAP: ldapsearch 2.2.13 (May 3 2007 03:01:11) $ root@lxcert-amd64:/scratch/rpmbuild.7430.xx7460/openldap-2.2.13/openldap-2.2.13/build-clients/clients/tools (LDAP library: OpenLDAP 20213) under Linux 2.6.9-55.EL.cernsmp #1 SMP Thu May 10 18:09:56 CEST 2007 x86_64 x86_64 x86_64 GNU/Linux Things used to work until one day when it began to give problems, so it could be a site network port filtering problem, but our network administrator does not know how to debug, so we would need any hint on how to trace back the problem. The command, which starts working but after some time gets stuck, is: ldapsearch -p 2170 -h exp-bdii.cern.ch -x -LLL -b "o=grid" -d -1 Of course, we CAN do a telnet on that port and that host. Any help is really welcome and apreciated. Here is a snippet from the output of the command: ldap_create ldap_url_parse_ext(ldap://exp-bdii.cern.ch:2170) ldap_bind_s ldap_simple_bind_s ldap_sasl_bind_s ldap_sasl_bind ldap_send_initial_request ldap_new_connection ldap_int_open_connection ldap_connect_to_host: TCP exp-bdii.cern.ch:2170 ldap_new_socket: 3 ldap_prepare_socket: 3 ldap_connect_to_host: Trying 128.142.173.206:2170 ldap_connect_timeout: fd: 3 tm: -1 async: 0 ldap_ndelay_on: 3 ldap_is_sock_ready: 3 ldap_ndelay_off: 3 ldap_open_defconn: successful ldap_send_server_request ber_flush: 14 bytes to sd 3 0000: 30 0c 02 01 01 60 07 02 01 03 04 00 80 00 0....`........ ldap_write: want=14, written=14 0000: 30 0c 02 01 01 60 07 02 01 03 04 00 80 00 0....`........ ldap_result msgid 1 ldap_chkResponseList for msgid=1, all=1 ldap_chkResponseList returns NULL wait4msg (infinite timeout), msgid 1 wait4msg continue, msgid 1, all 1 ** Connections: * host: exp-bdii.cern.ch port: 2170 (default) refcnt: 2 status: Connected last used: Fri May 9 18:19:40 2008 ** Outstanding Requests: * msgid 1, origid 1, status InProgress outstanding referrals 0, parent count 0 ** Response Queue: Empty ldap_chkResponseList for msgid=1, all=1 ldap_chkResponseList returns NULL ldap_int_select read1msg: msgid 1, all 1 ber_get_next ---snip------ ldap_int_select read1msg: msgid -1, all 0 ber_get_next ldap_read: want=8, got=8 0000: 30 82 03 57 02 01 02 64 0..W...d ldap_read: want=851, got=571 0000: 82 03 50 04 51 47 6c 75 65 43 6c 75 73 74 65 72 ..P.QGlueCluster 0010: 55 6e 69 71 75 65 49 44 3d 67 62 2d 63 65 2d 61 UniqueID=gb-ce-a 0020: 6d 63 2e 61 6d 63 2e 6e 6c 2c 4d 64 73 2d 56 6f mc.amc.nl,Mds-Vo 0030: 2d 6e 61 6d 65 3d 4c 53 47 2d 41 4d 43 2c 4d 64 -name=LSG-AMC,Md 0040: 73 2d 56 6f 2d 6e 61 6d 65 3d 6c 6f 63 61 6c 2c s-Vo-name=local, 0050: 6f 3d 67 72 69 64 30 82 02 f9 30 60 04 0b 6f 62 o=grid0...0`..ob 0060: 6a 65 63 74 43 6c 61 73 73 31 51 04 0e 47 6c 75 jectClass1Q..Glu 0070: 65 43 6c 75 73 74 65 72 54 6f 70 04 0b 47 6c 75 eClusterTop..Glu 0080: 65 43 6c 75 73 74 65 72 04 11 47 6c 75 65 53 63 eCluster..GlueSc 0090: 68 65 6d 61 56 65 72 73 69 6f 6e 04 16 47 6c 75 hemaVersion..Glu 00a0: 65 49 6e 66 6f 72 6d 61 74 69 6f 6e 53 65 72 76 eInformationServ 00b0: 69 63 65 04 07 47 6c 75 65 4b 65 79 30 25 04 0f ice..GlueKey0%.. 00c0: 47 6c 75 65 43 6c 75 73 74 65 72 4e 61 6d 65 31 GlueClusterName1 00d0: 12 04 10 67 62 2d 63 65 2d 61 6d 63 2e 61 6d 63 ...gb-ce-amc.amc 00e0: 2e 6e 6c 30 71 04 12 47 6c 75 65 43 6c 75 73 74 .nl0q..GlueClust 00f0: 65 72 53 65 72 76 69 63 65 31 5b 04 2b 67 62 2d erService1[.+gb- 0100: 63 65 2d 61 6d 63 2e 61 6d 63 2e 6e 6c 3a 32 31 ce-amc.amc.nl:21 0110: 31 39 2f 6a 6f 62 6d 61 6e 61 67 65 72 2d 70 62 19/jobmanager-pb 0120: 73 2d 6d 65 64 69 75 6d 04 2c 67 62 2d 63 65 2d s-medium.,gb-ce- 0130: 61 6d 63 2e 61 6d 63 2e 6e 6c 3a 32 31 31 39 2f amc.amc.nl:2119/ 0140: 6a 6f 62 6d 61 6e 61 67 65 72 2d 70 62 73 2d 65 jobmanager-pbs-e 0150: 78 70 72 65 73 73 30 29 04 13 47 6c 75 65 43 6c xpress0)..GlueCl 0160: 75 73 74 65 72 55 6e 69 71 75 65 49 44 31 12 04 usterUniqueID1.. 0170: 10 67 62 2d 63 65 2d 61 6d 63 2e 61 6d 63 2e 6e .gb-ce-amc.amc.n 0180: 6c 30 82 01 3a 04 0e 47 6c 75 65 46 6f 72 65 69 l0..:..GlueForei 0190: 67 6e 4b 65 79 31 82 01 26 04 18 47 6c 75 65 53 gnKey1..&..GlueS 01a0: 69 74 65 55 6e 69 71 75 65 49 44 3d 4c 53 47 2d iteUniqueID=LSG- 01b0: 41 4d 43 04 3a 47 6c 75 65 43 45 55 6e 69 71 75 AMC.:GlueCEUniqu 01c0: 65 49 44 3d 67 62 2d 63 65 2d 61 6d 63 2e 61 6d eID=gb-ce-amc.am 01d0: 63 2e 6e 6c 3a 32 31 31 39 2f 6a 6f 62 6d 61 6e c.nl:
Date: Fri, 09 May 2008 15:37:58 -0700 From: Howard Chu <hyc@symas.com> To: Javier.Fernandez@cern.ch CC: openldap-its@openldap.org Subject: Re: (ITS#5504) ldapsearch hangs retrieving info
Javier.Fernandez@cern.ch wrote: > Full_Name: Javier Fernandez > Version: 2.2.13 > OS: SL4 > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (156.35.192.4) OpenLDAP 2.2 was moved to Historical status a few years ago. Upgrade to a current supported release if you want anyone to look into this. > > Hi, > ldapsearch gets stuck retrieving info and after some minutes the following error > message is thrown: > ldap_result: Can't contact LDAP server (-1) > > I'm using: > ldapsearch -V > ldapsearch: @(#) $OpenLDAP: ldapsearch 2.2.13 (May 3 2007 03:01:11) $ > root@lxcert-amd64:/scratch/rpmbuild.7430.xx7460/openldap-2.2.13/openldap-2.2.13/build-clients/clients/tools > (LDAP library: OpenLDAP 20213) > > under > Linux 2.6.9-55.EL.cernsmp #1 SMP Thu May 10 18:09:56 CEST 2007 x86_64 x86_64 > x86_64 GNU/Linux > > Things used to work until one day when it began to give problems, so it could be > a site network port filtering problem, but our network administrator does not > know how to debug, so we would need any hint on how to trace back the problem. > > The command, which starts working but after some time gets stuck, is: > > ldapsearch -p 2170 -h exp-bdii.cern.ch -x -LLL -b "o=grid" -d -1 > > Of course, we CAN do a telnet on that port and that host. Any help is really > welcome and apreciated. Here is a snippet from the output of the command: -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
Date: Wed, 14 May 2008 11:54:53 +0200 From: Javier Fernandez <Javier.Fernandez@cern.ch> Subject: Re: (ITS#5504) ldapsearch hangs retrieving info To: openldap-its@OpenLDAP.org
Hi Howard, unfortunately there.s no update for openladp under SL4, that.s why we are using such version. In fact I see no newer versions but for Fedora and Mandriva http://www.rpmfind.net/linux/rpm2html/search.php?query=openldap In fact, other sites are living nice with that version or older ones. In any case, I have compiled and built latest stable version from openldap project webpage (2.3.39) and I get the same problem. I'm not saying this is a bug from ldap, but something with local area network configuration. I'm asking for some support to debug this problem actually. Javi -- +--------------------------------------------------------------+ Javier Fernandez Menendez Grupo de Fisica de AAEE Universidad de Oviedo C/ Calvo Sotelo, s/n 33005 Oviedo Phone: +34 985106252 mailto:Javier.Fernandez@cern.ch +---------------------------------------------------------------+
Date: Wed, 14 May 2008 17:12:17 +0200 From: Javier Fernandez <Javier.Fernandez@cern.ch> Subject: (ITS#5504) ldapsearch hangs retrieving info To: openldap-its@OpenLDAP.org
Date: Wed, 14 May 2008 09:40:40 -0700 From: Quanah Gibson-Mount <quanah@zimbra.com> To: Javier.Fernandez@cern.ch, openldap-its@openldap.org Subject: Re: (ITS#5504) ldapsearch hangs retrieving info
--On Wednesday, May 14, 2008 9:56 AM +0000 Javier.Fernandez@cern.ch wrote: > unfortunately there?s no update for openladp under SL4, that?s why we > are using such version. In fact I see no newer versions but for Fedora > and Mandriva <http://staff.telkomsa.net/packages/> or <http://www.symas.com> > In fact, other sites are living nice with that version or older ones. > In any case, I have compiled and built latest stable version from > openldap project webpage (2.3.39) and I get the same problem. I'm not > saying this is a bug from ldap, but something with local area network > configuration. > > I'm asking for some support to debug this problem actually. If the bug is not specifically in the OpenLDAP software, I suggest you peruse: <http://www.openldap.org/support/> I would note I don't see anything particular in what you provide indicating the problem is with ldapsearch. What version of OpenLDAP is the server in question running (I see it is OpenLDAP by querying its rootDSE)? I'll note that a *limited* ldapsearch works just fine: [quanah@freelancer ~]$ ldapsearch -x -H ldap://exp-bdii.cern.ch:2170 -b "" -s base + # extended LDIF # # LDAPv3 # base <> with scope baseObject # filter: (objectclass=*) # requesting: + # # dn: structuralObjectClass: OpenLDAProotDSE namingContexts: o=grid supportedControl: 2.16.840.1.113730.3.4.18 supportedControl: 2.16.840.1.113730.3.4.2 supportedControl: 1.3.6.1.4.1.4203.1.10.1 supportedControl: 1.2.840.113556.1.4.1413 supportedControl: 1.2.840.113556.1.4.1339 supportedControl: 1.2.840.113556.1.4.319 supportedControl: 1.2.826.0.1.334810.2.3 supportedExtension: 1.3.6.1.4.1.1466.20037 supportedExtension: 1.3.6.1.4.1.4203.1.11.1 supportedExtension: 1.3.6.1.4.1.4203.1.11.3 supportedFeatures: 1.3.6.1.4.1.4203.1.5.1 supportedFeatures: 1.3.6.1.4.1.4203.1.5.2 supportedFeatures: 1.3.6.1.4.1.4203.1.5.3 supportedFeatures: 1.3.6.1.4.1.4203.1.5.4 supportedFeatures: 1.3.6.1.4.1.4203.1.5.5 supportedLDAPVersion: 2 supportedLDAPVersion: 3 supportedSASLMechanisms: DIGEST-MD5 supportedSASLMechanisms: CRAM-MD5 subschemaSubentry: cn=Subschema # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 [quanah@freelancer ~]$ I would also note that for me, doing a dump of the entire server works just fine: ldapsearch -x -H ldap://exp-bdii.cern.ch:2170 -b "o=grid" results in: # search result search: 2 result: 0 Success # numResponses: 43962 # numEntries: 43961 Adding -d -1 to the query, I eventually see the same thing you do: ber_get_next failed. wait4msg continue ld 0x233f0e0 msgid -1 all 0 ** ld 0x233f0e0 Connections: * host: exp-bdii.cern.ch port: 2170 (default) refcnt: 2 status: Connected last used: Wed May 14 09:34:06 2008 ** ld 0x233f0e0 Outstanding Requests: * msgid 2, origid 2, status InProgress outstanding referrals 0, parent count 0 ** ld 0x233f0e0 Response Queue: Empty ldap_chkResponseList ld 0x233f0e0 msgid -1 all 0 ldap_chkResponseList returns ld 0x233f0e0 NULL ldap_int_select read1msg: ld 0x233f0e0 msgid -1 all 0 ber_get_next ldap_read: want=1142, got=0 ber_get_next failed. ldap_perror ldap_result: Can't contact LDAP server (-1) ldap_free_request (origid 2, msgid 2) ldap_free_connection 1 1 ldap_send_unbind ber_flush: 7 bytes to sd 3 0000: 30 05 02 01 03 42 00 0....B. ldap_write: want=7, written=7 0000: 30 05 02 01 03 42 00 0....B. ldap_free_connection: actually freed --Quanah -- Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration
Date: Thu, 15 May 2008 11:11:59 +0200 From: Javier Fernandez <Javier.Fernandez@cern.ch> Subject: Re: (ITS#5504) ldapsearch hangs retrieving info To: Quanah Gibson-Mount <quanah@zimbra.com> Cc: openldap-its@openldap.org
Thanks Quanah for your time. I have some answers/comments inline: Quanah Gibson-Mount escribi.: > --On Wednesday, May 14, 2008 9:56 AM +0000 Javier.Fernandez@cern.ch > wrote: > >> unfortunately there?s no update for openladp under SL4, that?s why we >> are using such version. In fact I see no newer versions but for Fedora >> and Mandriva > <http://staff.telkomsa.net/packages/> > or > <http://www.symas.com> I have tried installing last 2.4 version for RH but I get the same result, since problem is not related to ldap version I'm afraid >> In fact, other sites are living nice with that version or older ones. >> In any case, I have compiled and built latest stable version from >> openldap project webpage (2.3.39) and I get the same problem. I'm not >> saying this is a bug from ldap, but something with local area network >> configuration. >> >> I'm asking for some support to debug this problem actually. > If the bug is not specifically in the OpenLDAP software, I suggest you > peruse: > > <http://www.openldap.org/support/> Well, this is the first thing I tried, but I got no solutions browsing through the pages and therefore I tried this mailing list referenced from that link. > I would note I don't see anything particular in what you provide > indicating the problem is with ldapsearch. What version of OpenLDAP > is the server in question running (I see it is OpenLDAP by querying > its rootDSE)? > > I'll note that a *limited* ldapsearch works just fine: > > [quanah@freelancer ~]$ ldapsearch -x -H ldap://exp-bdii.cern.ch:2170 > -b "" -s base + > # extended LDIF > # > # LDAPv3 snip > # search result > search: 2 > result: 0 Success > > # numResponses: 2 > # numEntries: 1 That works fine for me. > I would also note that for me, doing a dump of the entire server works > just fine: > > ldapsearch -x -H ldap://exp-bdii.cern.ch:2170 -b "o=grid" > > results in: > > # search result > search: 2 > result: 0 Success > > # numResponses: 43962 > # numEntries: 43961 I do not reach that point, in fact that is the problem: command gets stuck retrieving one of the entries, in particular today it hangs at: GlueCEAccessControlBaseRule: VO:ops GlueForeignKey: GlueClusterUniqueID=ce104.cern.ch GlueInformationServiceURL: ldap://ce104.cern.ch:2170/mds-vo-name=resource,o=gr id GlueSchemaVersionMajor: 1 GlueSchemaVersionMinor: 3 and after a long long time, the output gives/jumps to another entry... and it continues dripping entries from time to time for an indefinite period until the command gives timeout. A ping to exp-bdii.cern.ch gives an average delay of 40ms which I consider normal. From any other sites (e.g. any machine from CERN) the command works fine in any openldap version, although I do not see any summary at the end with such big number of entries and results as you do. > > Adding -d -1 to the query, I eventually see the same thing you do: > I just added it to perform some debugging but I do not know how to interpret the results. Once more: any hint on how to trace back this problem would be really apreciated. Thank you very much. -- +--------------------------------------------------------------+ Javier Fernandez Menendez Grupo de Fisica de AAEE Universidad de Oviedo C/ Calvo Sotelo, s/n 33005 Oviedo Phone: +34 985106252 mailto:Javier.Fernandez@cern.ch +---------------------------------------------------------------+
______________ © Copyright 2009, OpenLDAP Foundation, info@OpenLDAP.org
