Full_Name: Hugo Monteiro
Version: 2.4.23
OS: Debian Squeeze 64bits
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (193.136.124.150)

Performing a substring query on a locally stored attribute of a translucent database, with only an equality index, will result in a slapd crash.

We have a translucent database set up to handle samba attributes and we observed that some client operations would crash slapd (like when performing user enumeration, while changing folder ACLs). The last logged query was

"(&(objectClass=sambaGroupMapping)(sambaGroupType=4)(sambaSID=<OUR_DOMAINSID_HERE>*))"

As per samba documentation we only had equality index on sambaSID attribute. We have then reconfigured that attribute to use eq,sub,pres indexes, ran slapindex on the database and slapd stopped crashing with that query.
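The condition this report describes (a substring assertion on a translucent_local attribute that has no sub index) can be checked for in a configuration file. The following is an added example, not part of the original report or of OpenLDAP; the function names, the dc=example,dc=com suffix and the SID prefix in the sample filter are assumptions, and the parser reads only the slapd.conf directives that appear in this thread.

```python
import re

# Constructed sample (slapd.conf syntax): sambaSID indexed eq only, as before the workaround.
SAMPLE_CONF = '''
database hdb
suffix "dc=example,dc=com"
index objectClass,sambaSID,sambaGroupType eq
overlay translucent
translucent_local sambaSID,sambaGroupType,sambaAcctFlags
'''
# Same shape as the last logged query; the SID prefix is a constructed value.
SAMPLE_FILTER = "(&(objectClass=sambaGroupMapping)(sambaGroupType=4)(sambaSID=S-1-5-21-1-2-3*))"

def substring_attrs(ldap_filter):
    """Attributes asserted with a substring match ('*' in the value, not bare presence)."""
    items = re.findall(r"\(([A-Za-z][\w;.-]*)=([^()]*)\)", ldap_filter)
    return {attr.lower() for attr, value in items if "*" in value and value != "*"}

def parse_databases(conf_text):
    """Collect suffix, index types and translucent_local attributes per database."""
    dbs, cur = [], None
    for raw in conf_text.splitlines():
        words = raw.split()
        if len(words) < 2 or words[0].startswith("#") or raw[0].isspace():
            continue  # blank, comment, or continuation line (e.g. ACL "by" clauses)
        key = words[0].lower()
        if key == "database":
            cur = {"suffix": None, "translucent": False, "local": set(), "index": {}}
            dbs.append(cur)
        elif cur is None:
            continue
        elif key == "suffix":
            cur["suffix"] = raw.split(None, 1)[1].strip().strip('"')
        elif key == "overlay" and words[1].lower() == "translucent":
            cur["translucent"] = True
        elif key == "translucent_local":
            cur["local"] |= {a.lower() for a in ",".join(words[1:]).split(",") if a}
        elif key == "index":  # no type list given: recorded as no known types
            types = set(words[2].lower().split(",")) if len(words) > 2 else set()
            for attr in words[1].lower().split(","):
                cur["index"].setdefault(attr, set()).update(types)
    return dbs

def audit(conf_text, ldap_filter):
    """(suffix, attr, index types) for local attrs substring-searched without a sub* index."""
    wanted = substring_attrs(ldap_filter)
    return [(db["suffix"], attr, sorted(db["index"].get(attr, ())))
            for db in parse_databases(conf_text) if db["translucent"]
            for attr in sorted(db["local"] & wanted)
            if not any(t.startswith("sub") for t in db["index"].get(attr, ()))]
```

Calling `audit(SAMPLE_CONF, SAMPLE_FILTER)` reports sambaSID for the constructed configuration; the equality match on sambaGroupType is not reported.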
Can you reproduce with latest release/master? Can you provide a minimal configuration+data that allows to reproduce the issue? p.
changed state Open to Feedback
On 09/21/2011 09:38 PM, Pierangelo Masarati wrote:
> Can you reproduce with latest release/master? Can you provide a minimal
> configuration+data that allows to reproduce the issue?
>
> p.
>

Hello Pierangelo,

We are in the middle of several migration processes and I don't have the time to dig further into this issue right now, particularly in regard to trying latest/master. I can however serve you with some extra data.

Our LDAP infrastructure is like this:

1 master (provider) ----- 2 slaves (consumer) ----- 2 proxies

But the problem is happening in another server, which has a translucent overlay and several other very small local databases.

That server configuration file is

--- snip ---
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/rfc2307bis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/unl.schema
include /etc/ldap/schema/samba.schema
include /etc/ldap/schema/qmail.schema
include /etc/ldap/schema/sudo.schema
include /etc/ldap/schema/RADIUS-LDAPv3.schema
include /etc/ldap/schema/dyngroup.schema
include /etc/ldap/schema/hdb.schema

pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
loglevel 256
idletimeout 600
threads 8

modulepath /usr/lib/ldap
moduleload back_hdb
moduleload memberof
moduleload dynlist
moduleload back_ldap
moduleload translucent

TLSCertificateFile /etc/ssl/certs/ldap.fct.unl.pt-2010-01-12.crt
TLSCertificateKeyFile /etc/ssl/certs/ldap.fct.unl.pt-2010-01-12.key
TLSCACertificateFile /etc/ssl/certs/ca-bundle.crt

backend ldap
sizelimit 100
timelimit unlimited

include /etc/ldap/cdstaff.conf

database hdb
suffix "dc=unl,dc=pt"
rootdn cn=cdstaff,dc=unl,dc=pt
directory "/var/lib/ldap/dc=unl,dc=pt"
lastmod on

include /etc/ldap/acls.conf

access to attrs=userPassword,sambaLMPassword,sambaNTPassword
    by dn.regex="cn=cpdunl,dc=unl,dc=pt" write
    by dn.regex="cn=readercpdunl,dc=unl,dc=pt" read
    by dn.regex="cn=cdstaff,dc=unl,dc=pt" write
    by self read
    by anonymous auth
    by * none

access to *
    by dn.regex="cn=cpdunl,dc=unl,dc=pt" write
    by dn.regex="cn=cdstaff,dc=unl,dc=pt" write
    by * read

index entryCSN eq
index entryUUID eq
index objectClass eq
index uniqueIdentifier eq
index displayName eq
index uidNumber eq
index gidNumber eq
index title eq
index uid eq,pres,sub,subinitial,subany,subfinal
index member eq,pres
index memberOf eq,pres
index cn eq,sub,subinitial
index sambaSID eq,pres,sub
index sambaPrimaryGroupSID eq,pres
index sambaSIDList eq,pres
index sambaGroupType eq
index memberUid eq
index uniqueMember eq
index sambaDomainName eq,pres
index qmailUID eq
index qmailGID eq
index accountStatus eq
index modifytimestamp eq
index mailForwardingAddress eq
index mail pres,eq,approx,sub
index mailAlternateAddress pres,eq,approx,sub
index mailHost pres,eq
index radiusGroupName eq
index sudoUser eq
index krb5PrincipalName eq

overlay translucent
uri "ldap://ldap1.fct.unl.pt ldap://ldap2.fct.unl.pt"
acl-bind binddn="cn=readercpdunl,dc=unl,dc=pt" credentials="h2qev49%71"
translucent_strict
translucent_local sambaAcctFlags,sambaAlgorithmicRidBase,sambaBadPasswordCount,sambaBadPasswordTime,sambaDomainName,sambaGroupType,sambaHomeDrive,sambaHomePath,sambaKickoffTime,sambaLogoffTime,sambaLogonHours,sambaLogonScript,sambaLogonTime,sambaMungedDial,sambaNextGroupRid,sambaNextRid,sambaNextUserRid,sambaPasswordHistory,sambaPrimaryGroupSID,sambaProfilePath,sambaPwdCanChange,sambaPwdLastSet,sambaPwdMustChange,sambaSID,sambaSIDList,sambaUserWorkstations
--- snip ---

That /etc/ldap/cdstaff.conf file contains the definitions of several local databases, which use no other overlays or special configuration.
Its content is

--- snip ---
database hdb
suffix "sambaDomainName=STAFF,dc=fct,dc=unl,dc=pt"
rootdn "cn=cdstaff,dc=unl,dc=pt"
directory "/var/lib/ldap/sambaDomainName=STAFF,dc=fct,dc=unl,dc=pt"
index objectClass,sambaSID,sambaDomainName,uid,uidNumber,gidNumber,sambaPrimaryGroupSID,sambaSIDList,sambaGroupType,displayName,cn eq
lastmod on
access to dn.base="sambaDomainName=STAFF,dc=fct,dc=unl,dc=pt" by * read
access to *
    by dn="cn=cpdunl,dc=unl,dc=pt" write
    by dn="cn=readercpdunl,dc=unl,dc=pt" write
    by dn="cn=cdstaff,dc=unl,dc=pt" write
    by * read
subordinate

database hdb
suffix "ou=machines,dc=fct,dc=unl,dc=pt"
rootdn "cn=cdstaff,dc=unl,dc=pt"
directory "/var/lib/ldap/ou=machines,dc=fct,dc=unl,dc=pt"
index objectClass,sambaSID,uid,uidNumber,gidNumber,sambaPrimaryGroupSID,sambaSIDList,sambaGroupType,displayName,cn eq
lastmod on
access to dn.base="ou=machines,dc=fct,dc=unl,dc=pt" by * read
access to *
    by dn="cn=cpdunl,dc=unl,dc=pt" write
    by dn="cn=readercpdunl,dc=unl,dc=pt" write
    by dn="cn=cdstaff,dc=unl,dc=pt" write
    by * read
subordinate

database hdb
suffix "cn=Administrator,ou=agentes,dc=fct,dc=unl,dc=pt"
rootdn "cn=cdstaff,dc=unl,dc=pt"
directory "/var/lib/ldap/cn=Administrator,ou=agentes,dc=fct,dc=unl,dc=pt"
index objectClass,sambaSID,uid,uidNumber,gidNumber,sambaPrimaryGroupSID,sambaSIDList,sambaGroupType,displayName,cn eq
lastmod on
access to dn.base="cn=Administrator,ou=agentes,dc=fct,dc=unl,dc=pt" by * read
access to *
    by dn="cn=cpdunl,dc=unl,dc=pt" write
    by dn="cn=readercpdunl,dc=unl,dc=pt" write
    by dn="cn=cdstaff,dc=unl,dc=pt" write
    by * read
subordinate

database hdb
suffix "cn=Domain Admins,ou=grupos,dc=fct,dc=unl,dc=pt"
rootdn "cn=cdstaff,dc=unl,dc=pt"
directory "/var/lib/ldap/cn=Domain Admins,ou=grupos,dc=fct,dc=unl,dc=pt"
index objectClass,sambaSID,uid,uidNumber,gidNumber,sambaPrimaryGroupSID,sambaSIDList,sambaGroupType,displayName,cn eq
lastmod on
access to dn.base="cn=Domain Admins,ou=grupos,dc=fct,dc=unl,dc=pt" by * read
access to *
    by dn="cn=cpdunl,dc=unl,dc=pt" write
    by dn="cn=readercpdunl,dc=unl,dc=pt" write
    by dn="cn=cdstaff,dc=unl,dc=pt" write
    by * read
subordinate

database hdb
suffix "cn=Domain Users,ou=grupos,dc=fct,dc=unl,dc=pt"
rootdn "cn=cdstaff,dc=unl,dc=pt"
directory "/var/lib/ldap/cn=Domain Users,ou=grupos,dc=fct,dc=unl,dc=pt"
index objectClass,sambaSID,uid,uidNumber,gidNumber,sambaPrimaryGroupSID,sambaSIDList,sambaGroupType,displayName,cn eq
lastmod on
access to dn.base="" by * read
access to *
    by dn="cn=cpdunl,dc=unl,dc=pt" write
    by dn="cn=readercpdunl,dc=unl,dc=pt" write
    by dn="cn=cdstaff,dc=unl,dc=pt" write
    by * read
subordinate

database hdb
suffix "cn=Domain Guests,ou=grupos,dc=fct,dc=unl,dc=pt"
rootdn "cn=cdstaff,dc=unl,dc=pt"
directory "/var/lib/ldap/cn=Domain Guests,ou=grupos,dc=fct,dc=unl,dc=pt"
index objectClass,sambaSID,uid,uidNumber,gidNumber,sambaPrimaryGroupSID,sambaSIDList,sambaGroupType,displayName,cn eq
lastmod on
access to dn.base="" by * read
access to *
    by dn="cn=cpdunl,dc=unl,dc=pt" write
    by dn="cn=readercpdunl,dc=unl,dc=pt" write
    by dn="cn=cdstaff,dc=unl,dc=pt" write
    by * read
subordinate

database hdb
suffix "cn=Domain Computers,ou=grupos,dc=fct,dc=unl,dc=pt"
rootdn "cn=cdstaff,dc=unl,dc=pt"
directory "/var/lib/ldap/cn=Domain Computers,ou=grupos,dc=fct,dc=unl,dc=pt"
index objectClass,sambaSID,uid,uidNumber,gidNumber,sambaPrimaryGroupSID,sambaSIDList,sambaGroupType,displayName,cn eq
lastmod on
access to dn.base="cn=Domain Computers,ou=grupos,dc=fct,dc=unl,dc=pt" by * read
access to *
    by dn="cn=cpdunl,dc=unl,dc=pt" write
    by dn="cn=readercpdunl,dc=unl,dc=pt" write
    by dn="cn=cdstaff,dc=unl,dc=pt" write
    by * read
subordinate

database hdb
suffix "cn=Administrators,ou=grupos,dc=fct,dc=unl,dc=pt"
rootdn "cn=cdstaff,dc=unl,dc=pt"
directory "/var/lib/ldap/cn=Administrators,ou=grupos,dc=fct,dc=unl,dc=pt"
index objectClass,sambaSID,uid,uidNumber,gidNumber,sambaPrimaryGroupSID,sambaSIDList,sambaGroupType,displayName,cn eq
lastmod on
access to dn.base="cn=Domain Guests,ou=grupos,dc=fct,dc=unl,dc=pt" by * read
access to *
    by dn="cn=cpdunl,dc=unl,dc=pt" write
    by dn="cn=readercpdunl,dc=unl,dc=pt" write
    by dn="cn=cdstaff,dc=unl,dc=pt" write
    by * read
subordinate

database hdb
suffix "cn=Users,ou=grupos,dc=fct,dc=unl,dc=pt"
rootdn "cn=cdstaff,dc=unl,dc=pt"
directory "/var/lib/ldap/cn=Users,ou=grupos,dc=fct,dc=unl,dc=pt"
index objectClass,sambaSID,uid,uidNumber,gidNumber,sambaPrimaryGroupSID,sambaSIDList,sambaGroupType,displayName,cn eq
lastmod on
access to dn.base="" by * read
access to *
    by dn="cn=cpdunl,dc=unl,dc=pt" write
    by dn="cn=readercpdunl,dc=unl,dc=pt" write
    by dn="cn=cdstaff,dc=unl,dc=pt" write
    by * read
subordinate

database hdb
suffix "cn=Guests,ou=grupos,dc=fct,dc=unl,dc=pt"
rootdn "cn=cdstaff,dc=unl,dc=pt"
directory "/var/lib/ldap/cn=Guests,ou=grupos,dc=fct,dc=unl,dc=pt"
index objectClass,sambaSID,uid,uidNumber,gidNumber,sambaPrimaryGroupSID,sambaSIDList,sambaGroupType,displayName,cn eq
lastmod on
access to dn.base="" by * read
access to *
    by dn="cn=cpdunl,dc=unl,dc=pt" write
    by dn="cn=readercpdunl,dc=unl,dc=pt" write
    by dn="cn=cdstaff,dc=unl,dc=pt" write
    by * read
subordinate

database hdb
suffix "cn=Account Operators,ou=grupos,dc=fct,dc=unl,dc=pt"
rootdn "cn=cdstaff,dc=unl,dc=pt"
directory "/var/lib/ldap/cn=Account Operators,ou=grupos,dc=fct,dc=unl,dc=pt"
index objectClass,sambaSID,uid,uidNumber,gidNumber,sambaPrimaryGroupSID,sambaSIDList,sambaGroupType,displayName,cn eq
lastmod on
access to dn.base="" by * read
access to *
    by dn="cn=cpdunl,dc=unl,dc=pt" write
    by dn="cn=readercpdunl,dc=unl,dc=pt" write
    by dn="cn=cdstaff,dc=unl,dc=pt" write
    by * read
subordinate

database hdb
suffix "cn=Print Operators,ou=grupos,dc=fct,dc=unl,dc=pt"
rootdn "cn=cdstaff,dc=unl,dc=pt"
directory "/var/lib/ldap/cn=Print Operators,ou=grupos,dc=fct,dc=unl,dc=pt"
index objectClass,sambaSID,uid,uidNumber,gidNumber,sambaPrimaryGroupSID,sambaSIDList,sambaGroupType,displayName,cn eq
lastmod on
access to dn.base="" by * read
access to *
    by dn="cn=cpdunl,dc=unl,dc=pt" write
    by dn="cn=readercpdunl,dc=unl,dc=pt" write
    by dn="cn=cdstaff,dc=unl,dc=pt" write
    by * read
subordinate

database hdb
suffix "cn=Backup Operators,ou=grupos,dc=fct,dc=unl,dc=pt"
rootdn "cn=cdstaff,dc=unl,dc=pt"
directory "/var/lib/ldap/cn=Backup Operators,ou=grupos,dc=fct,dc=unl,dc=pt"
index objectClass,sambaSID,uid,uidNumber,gidNumber,sambaPrimaryGroupSID,sambaSIDList,sambaGroupType,displayName,cn eq
lastmod on
access to dn.base="" by * read
access to *
    by dn="cn=cpdunl,dc=unl,dc=pt" write
    by dn="cn=readercpdunl,dc=unl,dc=pt" write
    by dn="cn=cdstaff,dc=unl,dc=pt" write
    by * read
subordinate

database hdb
suffix "cn=Replicators,ou=grupos,dc=fct,dc=unl,dc=pt"
rootdn "cn=cdstaff,dc=unl,dc=pt"
directory "/var/lib/ldap/cn=Replicators,ou=grupos,dc=fct,dc=unl,dc=pt"
index objectClass,sambaSID,uid,uidNumber,gidNumber,sambaPrimaryGroupSID,sambaSIDList,sambaGroupType,displayName,cn eq
lastmod on
access to dn.base="" by * read
access to *
    by dn="cn=cpdunl,dc=unl,dc=pt" write
    by dn="cn=readercpdunl,dc=unl,dc=pt" write
    by dn="cn=cdstaff,dc=unl,dc=pt" write
    by * read
subordinate
--- snip ---

Some entry examples follow

On the central LDAP infrastructure:

hm@DIVINF-PC15:~$ ldapsearch -b "ou=agentes,dc=fct,dc=unl,dc=pt" -x -h ldap.fct.unl.pt "uid=hmmm" -LL
version: 1

dn: uniqueIdentifier=15093,ou=agentes,dc=fct,dc=unl,dc=pt
mailQuotaSize: 10737418240
radiusGroupName: Adm
deliveryMode: noreply
mailReplyText:: TWVuc2FnZW0gZGUgYXV0by1yZXBseSBwYXJhIHRlc3RlLg0K
uid: hmmm
gidNumber: 1000
homeDirectory: /home/agentes/15093
loginShell: /bin/customshell
givenName: Hugo
sn: Monteiro
gecos: Hugo Miguel Marques Monteiro
cn: Hugo Monteiro
displayName: Hugo Monteiro
uidNumber: 15093
objectClass: top
objectClass: uidObject
objectClass: agenteUNL
objectClass: shadowAccount
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaSamAccount
objectClass: krb5Principal
objectClass: krb5KDCEntry
objectClass: qmailUser
objectClass: radiusprofile
uniqueIdentifier: 15093
title: Trabalhador FCT
title: Aluno LEI-FCT
accountStatus: active
mailHost: mailstrg2.ci.fct.unl.pt
qmailGID: 1000
qmailUID: 15093
mail: hmmm@fct.unl.pt
mailAlternateAddress: hmmm@students.fct.unl.pt
mailAlternateAddress: hugo.monteiro@fct.unl.pt
mailForwardingAddress: fctunl-teste@fct.unl.pt
krb5KDCFlags: 126
krb5PrincipalName: hmmm@FCT.UNL.PT
sambaSID: S-1-5-21-588362536-2687990616-3095848848-30186
sambaPrimaryGroupSID: S-1-5-21-588362536-2687990616-3095848848-513
sambaHomeDrive: H:
sambaLogonScript: logon.bat
sambaAcctFlags: [UX ]
sambaPwdLastSet: 1317217397
krb5KeyVersionNumber: 11

that same entry after translucent

hm@DIVINF-PC15:~$ ldapsearch -b "ou=agentes,dc=fct,dc=unl,dc=pt" -x -h cdstaff.fct.unl.pt "uid=hmmm" -LL
version: 1

dn: uniqueIdentifier=15093,ou=agentes,dc=fct,dc=unl,dc=pt
mailQuotaSize: 10737418240
radiusGroupName: Adm
deliveryMode: noreply
mailReplyText:: TWVuc2FnZW0gZGUgYXV0by1yZXBseSBwYXJhIHRlc3RlLg0K
uid: hmmm
gidNumber: 1000
homeDirectory: /home/agentes/15093
loginShell: /bin/customshell
givenName: Hugo
sn: Monteiro
gecos: Hugo Miguel Marques Monteiro
cn: Hugo Monteiro
displayName: Hugo Monteiro
uidNumber: 15093
objectClass: top
objectClass: uidObject
objectClass: agenteUNL
objectClass: shadowAccount
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaSamAccount
objectClass: qmailUser
objectClass: radiusprofile
objectClass: krb5Principal
objectClass: krb5KDCEntry
uniqueIdentifier: 15093
title: Trabalhador FCT
title: Aluno LEI-FCT
accountStatus: active
mailHost: mailstrg2.ci.fct.unl.pt
qmailGID: 1000
qmailUID: 15093
mail: hmmm@fct.unl.pt
mailAlternateAddress: hmmm@students.fct.unl.pt
mailAlternateAddress: hugo.monteiro@fct.unl.pt
mailForwardingAddress: fctunl-teste@fct.unl.pt
krb5KDCFlags: 126
krb5PrincipalName: hmmm@FCT.UNL.PT
sambaSID: S-1-5-21-1327543176-3185848629-1254536839-31186
sambaPrimaryGroupSID: S-1-5-21-1327543176-3185848629-1254536839-513
sambaHomeDrive: H:
sambaLogonScript: logon.bat
sambaAcctFlags: [UX ]
sambaPwdLastSet: 1317217397
krb5KeyVersionNumber: 11

and finally just the local part to the problematic server

dn: uniqueIdentifier=15093,ou=agentes,dc=fct,dc=unl,dc=pt
uidNumber: 15093
sambaSID: S-1-5-21-1327543176-3185848629-1254536839-31186
sambaHomeDrive: H:
sambaLogonScript: logon.bat
sambaAcctFlags: [UX ]
sambaPrimaryGroupSID: S-1-5-21-1327543176-3185848629-1254536839-513

We noticed that the crash would also happen if the query was like (&(uid=*)(objectClass=sambaSamAccount)), BUT it does not happen every time. Happens mostly when there is more usage, but nothing like high loads or anything. We've had problems every morning, around 9am, when everyone would login to their workstation. I then gave the VM more resources and since 2 days ago there has been no problem (so far).

I would love to be able to help a bit more, perhaps with a core file, but I'm really lacking time atm. I will try to provide a core in a couple of days or so. Let me know if there is any special way to collect the information you need.

Best regards,

Hugo Monteiro.

--
fct.unl.pt:~# cat .signature

Hugo Monteiro
Email : hugo.monteiro@fct.unl.pt
Telephone : +351 212948300 Ext.15307
Web : http://hmonteiro.net

Divisão de Informática
Faculdade de Ciências e Tecnologia da
Universidade Nova de Lisboa

Quinta da Torre 2829-516 Caparica Portugal
Telephone: +351 212948596 Fax: +351 212948548
www.fct.unl.pt apoio@fct.unl.pt

fct.unl.pt:~# _
changed state Feedback to Open
moved from Incoming to Software Bugs
Test to see if reproducible with back-mdb