--On Tuesday, March 19, 2013 7:37 PM +0000 carl.swenson@dia.mil wrote:

> Full_Name: C. Swenson
> Version: 2.4.30
> OS: Solaris 10
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (214.3.138.234)

Sounds like a bug in BDB to me, rather than openldap.

--Quanah

--

Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration

Quanah,

Thank you for the reply.

I double checked my versions on some of my systems just to be sure.  One inconsistency I noticed was in the name of the DB package  Possibly downloaded at 2 different times from sunfreeware.com.

Example -
Sun Enterprise SPARC T5220 (everything works on this system)
pkginfo -l SMColdap - version 2.4.30
pkginfo -l SMCossl - version 1.0.1c
pkginfo -l SMCdb - version 4.7.25.NC

Sun Enterprise SPARC T4-1 (the logs go crazy on this system)
pkginfo -l SMColdap - version 2.4.30
pkginfo -l SMCossl - version 1.0.1c
pkginfo -l SMCdb47 - version 4.7.25.NC

IDK how this would affect the system, but based on your suggestion there is some difference in the package as the "pkginst" name on one system is SMCdb, and SMCdb47 on the other while the version is exactly the same.

Has anyone reported this before?

Any help would be greatly appreciated.

Thank you

Carl




-----Original Message-----
From: Quanah Gibson-Mount [mailto:quanah@zimbra.com]
Sent: Tuesday, March 19, 2013 4:16 PM
To: Swenson_CNTR, Carl E.; openldap-its@openldap.org
Subject: Re: (ITS#7545) Problem with v2.4.30

--On Tuesday, March 19, 2013 7:37 PM +0000 carl.swenson@dia.mil wrote:

> Full_Name: C. Swenson
> Version: 2.4.30
> OS: Solaris 10
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (214.3.138.234)

Sounds like a bug in BDB to me, rather than openldap.

--Quanah

--

Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration

--On Tuesday, March 19, 2013 8:57 PM +0000 "Swenson_CNTR, Carl E." 
<Carl.Swenson@dodiis.mil> wrote:

> Quanah,
>
> Thank you for the reply.
>
> I double checked my versions on some of my systems just to be sure.  One
> inconsistency I noticed was in the name of the DB package  Possibly
> downloaded at 2 different times from sunfreeware.com.
>
> Example -
> Sun Enterprise SPARC T5220 (everything works on this system)
> pkginfo -l SMColdap - version 2.4.30
> pkginfo -l SMCossl - version 1.0.1c
> pkginfo -l SMCdb - version 4.7.25.NC
>
> Sun Enterprise SPARC T4-1 (the logs go crazy on this system)
> pkginfo -l SMColdap - version 2.4.30
> pkginfo -l SMCossl - version 1.0.1c
> pkginfo -l SMCdb47 - version 4.7.25.NC
>
> IDK how this would affect the system, but based on your suggestion there
> is some difference in the package as the "pkginst" name on one system is
> SMCdb, and SMCdb47 on the other while the version is exactly the same.

I have no idea.  I abandoned Slowaris years ago... I abandoned using BDB 
with OpenLDAP last year.  However, no one has reported any issues like 
this.  It really appears to be a bug in BDB rather than OpenLDAP however.

--Quanah

--

Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration

Quanah,

Fine, I get it, you hate Solaris, BDB, etc......  But this is what I have to work with, and I still have an issue that I have never heard of, nor do I know what to even look for.  Google searches turn up very little.

Is there an "OpenLDAP forum" where you can get help?  I have tried removing the package labeled SMCdb47, and loaded SMCdb.  The result is still the same.  I know you don't like BDB, (you didn't mention what you do prefer) but in any case we are approved to use OpenLDAP w/ BDB.  Normally we download all the supporting packages from sunfreeware.com, and if I remember correctly, it is defaulted to use BDB.

So I have to use:
Solaris 10
BDB 4.7.25.NC
OpenSSL 1.0.1c
OpenLDAP 2.4.30

What can I do.  I have configured hundreds of servers using these packages, and their predecessors.  We have never seen this behavior.


Carl


-----Original Message-----
From: Quanah Gibson-Mount [mailto:quanah@zimbra.com]
Sent: Wednesday, March 20, 2013 2:20 PM
To: Swenson_CNTR, Carl E.; openldap-its@openldap.org
Subject: RE: (ITS#7545) Problem with v2.4.30

--On Tuesday, March 19, 2013 8:57 PM +0000 "Swenson_CNTR, Carl E."
<Carl.Swenson@dodiis.mil> wrote:

> Quanah,
>
> Thank you for the reply.
>
> I double checked my versions on some of my systems just to be sure.
> One inconsistency I noticed was in the name of the DB package
> Possibly downloaded at 2 different times from sunfreeware.com.
>
> Example -
> Sun Enterprise SPARC T5220 (everything works on this system) pkginfo
> -l SMColdap - version 2.4.30 pkginfo -l SMCossl - version 1.0.1c
> pkginfo -l SMCdb - version 4.7.25.NC
>
> Sun Enterprise SPARC T4-1 (the logs go crazy on this system) pkginfo
> -l SMColdap - version 2.4.30 pkginfo -l SMCossl - version 1.0.1c
> pkginfo -l SMCdb47 - version 4.7.25.NC
>
> IDK how this would affect the system, but based on your suggestion
> there is some difference in the package as the "pkginst" name on one
> system is SMCdb, and SMCdb47 on the other while the version is exactly the same.

I have no idea.  I abandoned Slowaris years ago... I abandoned using BDB with OpenLDAP last year.  However, no one has reported any issues like this.  It really appears to be a bug in BDB rather than OpenLDAP however.

--Quanah

--

Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration

--On Tuesday, March 26, 2013 6:09 PM +0000 "Swenson_CNTR, Carl E." 
<Carl.Swenson@dodiis.mil> wrote:

> Quanah,
>
> Fine, I get it, you hate Solaris, BDB, etc......  But this is what I have
> to work with, and I still have an issue that I have never heard of, nor
> do I know what to even look for.  Google searches turn up very little.
>
> Is there an "OpenLDAP forum" where you can get help?  I have tried
> removing the package labeled SMCdb47, and loaded SMCdb.  The result is
> still the same.  I know you don't like BDB, (you didn't mention what you
> do prefer) but in any case we are approved to use OpenLDAP w/ BDB.
> Normally we download all the supporting packages from sunfreeware.com,
> and if I remember correctly, it is defaulted to use BDB.

As I initially stated, there is nothing in your bug report to indicate a 
bug with OpenLDAP.  I would note that BDB 4.7.25 is ancient.  I would note 
that OpenLDAP 2.4.30 is fairly old.  Who knows how OpenLDAP or BDB was 
built with those packages you are using.  There certainly isn't enough 
detail in your report to really offer you any particular direction to 
pursue.  If it was *me*, I would build the latest OpenLDAP with a current 
version of BDB, where I could control the compile options and flags.

By the way, BDB support in OpenLDAP is essentially deprecated.  All ongoing 
development is with the new MDB backend.

--Quanah

--

Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration

Carl.Swenson@dodiis.mil wrote:
> Quanah,
>
> Fine, I get it, you hate Solaris, BDB, etc...... But this is what I have
> to
work with, and I still have an issue that I have never heard of, nor do I know
what to even look for. Google searches turn up very little.
>
> Is there an "OpenLDAP forum" where you can get help? I have tried removing
the package labeled SMCdb47, and loaded SMCdb. The result is still the same. I
know you don't like BDB, (you didn't mention what you do prefer) but in any
case we are approved to use OpenLDAP w/ BDB. Normally we download all the
supporting packages from sunfreeware.com, and if I remember correctly, it is
defaulted to use BDB.
>
> So I have to use:
> Solaris 10
> BDB 4.7.25.NC
> OpenSSL 1.0.1c
> OpenLDAP 2.4.30
>
> What can I do. I have configured hundreds of servers using these packages,
and their predecessors. We have never seen this behavior.

Well... Oracle now owns your hardware manufacturer and the software in 
question. They'd be the obvious place to ask for help.

Frankly I'm surprised that a military site on a classified network is allowed 
to install freeware binaries from any internet site. You have no idea how 
those binaries were built, and certainly no recourse if they fail in any way 
or happen to have trojans/malware embedded within.

My first step would be to compile current source code. If the behavior still 
exists on current code, then start debugging/diagnosing. BDB 4.7.25 is quite 
old, as Quanah already pointed out. We've never seen any other cases reported 
like this, but it's always possible for a mixture of old binaries and new 
hardware to go bad. For all you know it's an instruction set incompatibility 
and recompiling BDB for your T4 will make it go away.

>
>
> Carl
>
>
> -----Original Message-----
> From: Quanah Gibson-Mount [mailto:quanah@zimbra.com]
> Sent: Wednesday, March 20, 2013 2:20 PM
> To: Swenson_CNTR, Carl E.; openldap-its@openldap.org
> Subject: RE: (ITS#7545) Problem with v2.4.30
>
> --On Tuesday, March 19, 2013 8:57 PM +0000 "Swenson_CNTR, Carl E."
> <Carl.Swenson@dodiis.mil> wrote:
>
>> Quanah,
>>
>> Thank you for the reply.
>>
>> I double checked my versions on some of my systems just to be sure.
>> One inconsistency I noticed was in the name of the DB package
>> Possibly downloaded at 2 different times from sunfreeware.com.
>>
>> Example -
>> Sun Enterprise SPARC T5220 (everything works on this system) pkginfo
>> -l SMColdap - version 2.4.30 pkginfo -l SMCossl - version 1.0.1c
>> pkginfo -l SMCdb - version 4.7.25.NC
>>
>> Sun Enterprise SPARC T4-1 (the logs go crazy on this system) pkginfo
>> -l SMColdap - version 2.4.30 pkginfo -l SMCossl - version 1.0.1c
>> pkginfo -l SMCdb47 - version 4.7.25.NC
>>
>> IDK how this would affect the system, but based on your suggestion
>> there is some difference in the package as the "pkginst" name on one
>> system is SMCdb, and SMCdb47 on the other while the version is exactly the same.
>
> I have no idea.  I abandoned Slowaris years ago... I abandoned using BDB with OpenLDAP last year.  However, no one has reported any issues like this.  It really appears to be a bug in BDB rather than OpenLDAP however.
>
> --Quanah
>
> --
>
> Quanah Gibson-Mount
> Sr. Member of Technical Staff
> Zimbra, Inc
> A Division of VMware, Inc.
> --------------------
> Zimbra ::  the leader in open source messaging and collaboration
>
>
>


-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

All,

Thank you for the replies.  Yes, Oracle makes the hardware, but as you may have experienced when dealing with Oracle, if there is anything on the server that is not "Oracle", then the problem must be with that software.  (This is the response you will get from Oracle on just about anything).

We have many security layers, and an "isolated network" that has zero chance of getting to the internet / outside world that is of very little risk from malware.  It is true we have never had to compile the packages being used so the install defaults referred to BDB, and that is what we used.  I realize BDB 4.7.25.NC may not be the "bleeding edge" but it is the release referred to on sunfreeware.com (they have v2.4.32 packaged for download), and when you look on OpenLDAP's web site there are references to get the compiled packages from sunfreeware.com.  I see on Oracle's web site there is a v5.3 download that can try.

As far as "mdb" goes, we don't know what that is, and most references even in the v2.4.34 download talk about BDB.  The purpose we use OpenLDAP for is a very simple authentication with WebLogic.  Nothing heavy duty.

I agree there could be some "strangeness" when mixing these packages with a new T4, but it is still unknown.

Quanah,

"There certainly isn't enough detail in your report to really offer you any particular direction to pursue."

What is it that would be useful, if I can capture it, and "secure" transfer it then I will.  But I can't get most detail reports through security de-class scan to be able to post it.

Carl

===========




Well... Oracle now owns your hardware manufacturer and the software in question. They'd be the obvious place to ask for help.

Frankly I'm surprised that a military site on a classified network is allowed to install freeware binaries from any internet site. You have no idea how those binaries were built, and certainly no recourse if they fail in any way or happen to have trojans/malware embedded within.

My first step would be to compile current source code. If the behavior still exists on current code, then start debugging/diagnosing. BDB 4.7.25 is quite old, as Quanah already pointed out. We've never seen any other cases reported like this, but it's always possible for a mixture of old binaries and new hardware to go bad. For all you know it's an instruction set incompatibility and recompiling BDB for your T4 will make it go away.

>
>
> Carl
>
>
> -----Original Message-----
> From: Quanah Gibson-Mount [mailto:quanah@zimbra.com]
> Sent: Wednesday, March 20, 2013 2:20 PM
> To: Swenson_CNTR, Carl E.; openldap-its@openldap.org
> Subject: RE: (ITS#7545) Problem with v2.4.30
>
> --On Tuesday, March 19, 2013 8:57 PM +0000 "Swenson_CNTR, Carl E."
> <Carl.Swenson@dodiis.mil> wrote:
>
>> Quanah,
>>
>> Thank you for the reply.
>>
>> I double checked my versions on some of my systems just to be sure.
>> One inconsistency I noticed was in the name of the DB package
>> Possibly downloaded at 2 different times from sunfreeware.com.
>>
>> Example -
>> Sun Enterprise SPARC T5220 (everything works on this system) pkginfo
>> -l SMColdap - version 2.4.30 pkginfo -l SMCossl - version 1.0.1c
>> pkginfo -l SMCdb - version 4.7.25.NC
>>
>> Sun Enterprise SPARC T4-1 (the logs go crazy on this system) pkginfo
>> -l SMColdap - version 2.4.30 pkginfo -l SMCossl - version 1.0.1c
>> pkginfo -l SMCdb47 - version 4.7.25.NC
>>
>> IDK how this would affect the system, but based on your suggestion
>> there is some difference in the package as the "pkginst" name on one
>> system is SMCdb, and SMCdb47 on the other while the version is exactly the same.
>
> I have no idea.  I abandoned Slowaris years ago... I abandoned using BDB with OpenLDAP last year.  However, no one has reported any issues like this.  It really appears to be a bug in BDB rather than OpenLDAP however.
>
> --Quanah
>
> --
>
> Quanah Gibson-Mount
> Sr. Member of Technical Staff
> Zimbra, Inc
> A Division of VMware, Inc.
> --------------------
> Zimbra ::  the leader in open source messaging and collaboration
>
>
>


--
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

--On Tuesday, March 26, 2013 7:45 PM +0000 "Swenson_CNTR, Carl E." 
<Carl.Swenson@dodiis.mil> wrote:

> All,
>
> Thank you for the replies.  Yes, Oracle makes the hardware, but as you
> may have experienced when dealing with Oracle, if there is anything on
> the server that is not "Oracle", then the problem must be with that
> software.  (This is the response you will get from Oracle on just about
> anything).

BDB is owned by Oracle, so they should be able to help you with it.  The 
creation of the BDB log files is *purely* a function internal to BDB.  The 
fact that they are exploding would be a function of BDB.  That is why I've 
repeatedly said there is no indication of an OpenLDAP bug here.  That is 
why Howard directed you to Oracle.  They are the ones who own BDB, they 
should be able to provide you insight into why it has broken on your new 
server.

BDB logs are created when changes are made to the database.  If you see 
your logs "exploding" without corresponding massive changes being made to 
the OpenLDAP server, then you are essentially ensured that the issue is 
with BDB.  I would also suggest you run the db_archive utility to see what 
log(s) it says can or can't be archived.  It is possible that BDB is 
holding open a write or read transaction for some reason (again, a BDB bug).

As for MDB, it is a new database written by Howard Chu, the primary 
OpenLDAP Developer.  You can read up on it at <http://symas.com/mdb/>.  It 
is significantly better than BDB in numerous ways.  I disagree with your 
assessment on the recent change log as well.  It is almost all entirely 
around mdb.

OpenLDAP 2.4.34 Release (2013/03/03)
	Fixed liblmdb mdb_env_open flag handling (ITS#7453)
	Fixed liblmdb mdb_midl_sort array optimization (ITS#7432)
	Fixed liblmdb freelist with large entries (ITS#7455)
	Fixed liblmdb to check for filled dirty page list (ITS#7491)
	Fixed liblmdb to validate data limits (ITS#7485)
	Fixed liblmdb mdb_update_key for large keys (ITS#7505)
	Fixed slapd-mdb to reopen attr DBs after env reopen (ITS#7416)
	Fixed slapd-mdb handling of missing entries (ITS#7483,7496)
	Fixed slapd-mdb environment flag setting (ITS#7452)
	Fixed slapd-mdb with sub db slapcat (ITS#7469)
	Fixed slapd-mdb to correctly work with toolthreads > 2 (ITS#7488,ITS#7527)
	Fixed slapd-mdb subtree search speed (ITS#7473)

I see zero changes in 2.4.34 related to BDB at all.

OpenLDAP 2.4.33 Release (2012/10/10)
	Fixed liblmdb POSIX semaphore cleanup on environment close (ITS#7364)
	Fixed liblmdb mdb_page_split (ITS#7385, ITS#7229)
	Fixed slapd-mdb slapadd -q -w double free (ITS#7356)
	Fixed slapd-mdb to close read txn in reindex commit (ITS#7386)

Again, no changes related to BDB.

The last release with any fixes specific to BDB was 2.4.32.

--Quanah


--

Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration

changed notes
changed state Open to Closed

Not an OpenLDAP issue