OpenLDAP

Viewing Incoming/8268

From: nvoutsin@gmai.com
Subject: slapd-ldap quarantine, per configuration retries fail

Date: Sun, 11 Oct 2015 17:42:42 +0000
From: nvoutsin@gmai.com
To: openldap-its@OpenLDAP.org
Subject: slapd-ldap quarantine, per configuration retries fail
Full_Name: Nikos Voutsinas
Version: 2.4.42
OS: Solaris/Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (62.38.193.214)


Hi,

In a 4-node MMR deployment with 2-node LDAP Proxy front-ends, we have
repeatedly noticed that whenever the connection recovery method falls into the
quarantine code, it fails.

i.e. when all the back-end ldap servers become unavailable, for some reason,
slapd-ldap fails to follow the retry scheme that is dictated by
olcDbQuarantine.

In our case we set olcDbQuarantine to: 10,30;60,+ and when we got a temporary
network timeout from all back-end ldap servers, this is what we saw in the slapd
logs.

Oct  7 21:30:58 proxy slapd[330]: conn=632725 op=0 ldap_back_retry: retrying URI="ldap://back01 ldap://back02" DN=""
Oct  7 21:30:58 proxy slapd[330]: conn=632725 op=0: ldap_back_quarantine enter.
Oct  7 21:31:08 proxy slapd[330]: conn=632759 op=0: ldap_back_getconn quarantine retry block #0 try #0.


After that the only method to recover was either to restart the whole process or
reset the value of olcDbQuarantine.

Thanks,
Nikos
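
Added example, not part of the original report and not OpenLDAP code: it parses the olcDbQuarantine value from the report, works out the next retry that pattern allows after the last quarantine message in the log, and flags that retry as overdue. It assumes the slapd-ldap(5) semantics (retry no sooner than interval seconds after the last attempt, num times per block, "+" meaning forever) and recognises only the two quarantine messages quoted above; the function names, the grace period and the default year are choices made for this example.

```python
import re
from datetime import datetime, timedelta

# The report's two quarantine log lines, with the wrapped one rejoined.
LOG = [
    "Oct  7 21:30:58 proxy slapd[330]: conn=632725 op=0: ldap_back_quarantine enter.",
    "Oct  7 21:31:08 proxy slapd[330]: conn=632759 op=0: ldap_back_getconn quarantine retry block #0 try #0.",
]
STAMP = r"^(\w{3}\s+\d+ [\d:]{8}) .*"
ENTER = re.compile(STAMP + r"ldap_back_quarantine enter")
RETRY = re.compile(STAMP + r"quarantine retry block #(\d+) try #(\d+)")

def parse_quarantine(spec):
    """'interval,num[;interval,num...]' -> [(seconds, tries)]; tries is None for '+'."""
    blocks = []
    for part in spec.split(";"):
        interval, num = (field.strip() for field in part.split(","))
        blocks.append((int(interval), None if num == "+" else int(num)))
    return blocks

def next_retry(blocks, block, attempt):
    """(block, try) that follows the given one, or None once the pattern is used up."""
    tries = blocks[block][1]
    if tries is None or attempt + 1 < tries:
        return block, attempt + 1
    return (block + 1, 0) if block + 1 < len(blocks) else None

def quarantine_status(lines, spec, now, year=2015, grace=60):
    """Next retry the pattern allows after the last quarantine event, and whether it is overdue."""
    blocks, last = parse_quarantine(spec), None
    for line in lines:
        hit = ENTER.match(line) or RETRY.match(line)
        if hit:
            # syslog stamps carry no year, so it is supplied by the caller (assumption).
            when = datetime.strptime(f"{year} {hit[1]}", "%Y %b %d %H:%M:%S")
            # Entering quarantine is treated as try -1 of block 0.
            idx = (int(hit[2]), int(hit[3])) if hit.re is RETRY else (0, -1)
            last = (when, *idx)
    if last is None or (nxt := next_retry(blocks, last[1], last[2])) is None:
        return None  # no quarantine seen, or no further retry expected
    # Retries happen only when a client operation arrives, hence the grace period.
    due = last[0] + timedelta(seconds=blocks[nxt[0]][0])
    return {"next": nxt, "due": due, "overdue": now > due + timedelta(seconds=grace)}

if __name__ == "__main__":
    print(quarantine_status(LOG, "10,30;60,+", datetime(2015, 10, 7, 21, 40)))
```

Fed only the "enter" line, the model puts block #0 try #0 at 21:31:08, which is when the report's log shows it; the try that should follow 10 seconds later never appears.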