Full_Name: Marek Platta Version: 2.4.23-7.2 OS: Debian6 URL: ldap.zumbai.pl Submission from: (NULL) (83.168.110.42) Hi!, I got problem implementing ppolicy on slapd 64bit version Tested on debian6 2.6.32-5-xen-amd64 with slapd 2.4.23-7.2 debian6 2.6.32-5-amd64 with slapd 2.4.23-7.2 and debian7 3.2.0-4-amd64 with slapd 2.4.31-1 Problem occours when i try to change parameters of ppolicy (using phpldapadmin, luma, etc.) for example: pwdMaxFailure: 6 to 5 Slapd process hangs and you can only stop it by "kill -9" On Debian 32bit works fine
marek.platta@blstream.com wrote: > Full_Name: Marek Platta > Version: 2.4.23-7.2 > OS: Debian6 > URL: ldap.zumbai.pl > Submission from: (NULL) (83.168.110.42) > > > Hi!, 2.4.23 is quite old, plus yours has been patched by Debian so we don't know what it contains. You will have to get support from Debian. If you can reproduce the issue on our current release (2.4.34) then we will investigate it. > I got problem implementing ppolicy on slapd 64bit version > > Tested on > debian6 2.6.32-5-xen-amd64 with slapd 2.4.23-7.2 > > debian6 2.6.32-5-amd64 with slapd 2.4.23-7.2 > > and > > debian7 3.2.0-4-amd64 with slapd 2.4.31-1 > > > Problem occours when i try to change parameters of ppolicy (using phpldapadmin, > luma, etc.) for example: > > pwdMaxFailure: 6 to 5 > > Slapd process hangs and you can only stop it by "kill -9" > > > On Debian 32bit works fine > > -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
On Wed, 6 Mar 2013 10:11:53 GMT hyc@symas.com wrote > marek.platta@blstream.com wrote: > > Full_Name: Marek Platta > > Version: 2.4.23-7.2 > > OS: Debian6 > > URL: ldap.zumbai.pl > > Submission from: (NULL) (83.168.110.42) > > 2.4.23 is quite old, plus yours has been patched by Debian so we don't know > what it contains. You will have to get support from Debian. If you can > reproduce the issue on our current release (2.4.34) then we will investigate > it. To add: I tried that with our own build of OpenLDAP 2.4.34 on Debian Squeeze 2.6.32-5-amd64 and I can't reproduce the lockup. Ciao, Michael.
Hi, I'm getting same error on 2.4.34 version slapd says: 515bf1bf daemon: activity on 1 descriptor 515bf1bf daemon: activity on:515bf1bf 515bf1bf slap_listener_activate(7): 515bf1bf daemon: epoll: listen=7 busy 515bf1bf daemon: epoll: listen=8 active_threads=0 tvp=zero 515bf1bf >>> slap_listener(ldap:///) 515bf1bf daemon: listen=7, new connection on 12 515bf1bf daemon: added 12r (active) listener=(nil) 515bf1bf conn=1003 fd=12 ACCEPT from IP=192.168.6.212:53225 (IP=0.0.0.0:389) 515bf1bf daemon: activity on 2 descriptors 515bf1bf daemon: activity on:515bf1bf 12r515bf1bf 515bf1bf daemon: read active on 12 515bf1bf daemon: epoll: listen=7 active_threads=0 tvp=zero 515bf1bf daemon: epoll: listen=8 active_threads=0 tvp=zero 515bf1bf connection_get(12) 515bf1bf connection_get(12): got connid=1003 515bf1bf connection_read(12): checking for input on id=1003 ber_get_next ldap_read: want=8, got=8 0000: 30 37 02 01 01 60 32 02 07...`2. ldap_read: want=49, got=49 0000: 01 03 04 26 63 6e 3d 44 69 72 65 63 74 6f 72 79 ...&cn=Directory 0010: 20 6d 61 6e 61 67 65 72 2c 64 63 3d 65 78 61 6d manager,dc=exam 0020: 70 6c 65 2c 64 63 3d 63 6f 6d 80 05 74 65 73 74 ple,dc=com..test 0030: 31 1 ber_get_next: tag 0x30 len 55 contents: ber_dump: buf=0x1cea6f0 ptr=0x1cea6f0 end=0x1cea727 len=55 0000: 02 01 01 60 32 02 01 03 04 26 63 6e 3d 44 69 72 ...`2....&cn=Dir 0010: 65 63 74 6f 72 79 20 6d 61 6e 61 67 65 72 2c 64 ectory manager,d 0020: 63 3d 65 78 61 6d 70 6c 65 2c 64 63 3d 63 6f 6d c=example,dc=com 0030: 80 05 74 65 73 74 31 ..test1 515bf1bf op tag 0x60, time 1364980159 ber_get_next ldap_read: want=8 error=Resource temporarily unavailable 515bf1bf conn=1003 op=0 do_bind ber_scanf fmt ({imt) ber: ber_dump: buf=0x1cea6f0 ptr=0x1cea6f3 end=0x1cea727 len=52 0000: 60 32 02 01 03 04 26 63 6e 3d 44 69 72 65 63 74 `2....&cn=Direct 0010: 6f 72 79 20 6d 61 6e 61 67 65 72 2c 64 63 3d 65 ory manager,dc=e 0020: 78 61 6d 70 6c 65 2c 64 63 3d 63 6f 6d 80 05 74 xample,dc=com..t 0030: 65 73 74 31 est1 ber_scanf fmt (m}) ber: ber_dump: buf=0x1cea6f0 ptr=0x1cea720 end=0x1cea727 len=7 0000: 00 05 74 65 73 74 31 ..test1 515bf1bf >>> dnPrettyNormal: <cn=Directory manager,dc=example,dc=com> => ldap_bv2dn(cn=Directory manager,dc=example,dc=com,0) <= ldap_bv2dn(cn=Directory manager,dc=example,dc=com)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=Directory manager,dc=example,dc=com)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=directory manager,dc=example,dc=com)=0 515bf1bf <<< dnPrettyNormal: <cn=Directory manager,dc=example,dc=com>, <cn=directory manager,dc=example,dc=com> 515bf1bf conn=1003 op=0 BIND dn="cn=Directory manager,dc=example,dc=com" method=128 515bf1bf do_bind: version=3 dn="cn=Directory manager,dc=example,dc=com" method=128 515bf1bf ==> hdb_bind: dn: cn=Directory manager,dc=example,dc=com 515bf1bf conn=1003 op=0 BIND dn="cn=Directory manager,dc=example,dc=com" mech=SIMPLE ssf=0 515bf1bf do_bind: v3 bind: "cn=Directory manager,dc=example,dc=com" to "cn=Directory manager,dc=example,dc=com" 515bf1bf send_ldap_result: conn=1003 op=0 p=3 515bf1bf send_ldap_result: err=0 matched="" text="" 515bf1bf send_ldap_response: msgid=1 tag=97 err=0 ber_flush2: 14 bytes to sd 12 0000: 30 0c 02 01 01 61 07 0a 01 00 04 00 04 00 0....a........ ldap_write: want=14, written=14 0000: 30 0c 02 01 01 61 07 0a 01 00 04 00 04 00 0....a........ 515bf1bf conn=1003 op=0 RESULT tag=97 err=0 text= 515bf1bf daemon: activity on 1 descriptor 515bf1bf daemon: activity on:515bf1bf 515bf1bf daemon: epoll: listen=7 active_threads=0 tvp=zero 515bf1bf daemon: epoll: listen=8 active_threads=0 tvp=zero 515bf1bf daemon: activity on 1 descriptor 515bf1bf daemon: activity on:515bf1bf 12r515bf1bf 515bf1bf daemon: read active on 12 515bf1bf daemon: epoll: listen=7 active_threads=0 tvp=zero 515bf1bf daemon: epoll: listen=8 active_threads=0 tvp=zero 515bf1bf connection_get(12) 515bf1bf connection_get(12): got connid=1003 515bf1bf connection_read(12): checking for input on id=1003 ber_get_next ldap_read: want=8, got=8 0000: 30 4d 02 01 02 63 48 04 0M...cH. ldap_read: want=71, got=71 0000: 28 63 6e 3d 64 65 66 61 75 6c 74 2c 6f 75 3d 70 (cn=default,ou=p 0010: 6f 6c 69 63 69 65 73 2c 64 63 3d 65 78 61 6d 70 olicies,dc=examp 0020: 6c 65 2c 64 63 3d 63 6f 6d 0a 01 00 0a 01 00 02 le,dc=com....... 0030: 01 00 02 01 00 01 01 00 87 0b 6f 62 6a 65 63 74 ..........object 0040: 43 6c 61 73 73 30 00 Class0. ber_get_next: tag 0x30 len 77 contents: ber_dump: buf=0x1ceaff0 ptr=0x1ceaff0 end=0x1ceb03d len=77 0000: 02 01 02 63 48 04 28 63 6e 3d 64 65 66 61 75 6c ...cH.(cn=defaul 0010: 74 2c 6f 75 3d 70 6f 6c 69 63 69 65 73 2c 64 63 t,ou=policies,dc 0020: 3d 65 78 61 6d 70 6c 65 2c 64 63 3d 63 6f 6d 0a =example,dc=com. 0030: 01 00 0a 01 00 02 01 00 02 01 00 01 01 00 87 0b ................ 0040: 6f 62 6a 65 63 74 43 6c 61 73 73 30 00 objectClass0. 515bf1bf op tag 0x63, time 1364980159 ber_get_next ldap_read: want=8 error=Resource temporarily unavailable 515bf1bf conn=1003 op=1 do_search ber_scanf fmt ({miiiib) ber: ber_dump: buf=0x1ceaff0 ptr=0x1ceaff3 end=0x1ceb03d len=74 0000: 63 48 04 28 63 6e 3d 64 65 66 61 75 6c 74 2c 6f cH.(cn=default,o 0010: 75 3d 70 6f 6c 69 63 69 65 73 2c 64 63 3d 65 78 u=policies,dc=ex 0020: 61 6d 70 6c 65 2c 64 63 3d 63 6f 6d 0a 01 00 0a ample,dc=com.... 0030: 01 00 02 01 00 02 01 00 01 01 00 87 0b 6f 62 6a .............obj 0040: 65 63 74 43 6c 61 73 73 30 00 ectClass0. 515bf1bf >>> dnPrettyNormal: <cn=default,ou=policies,dc=example,dc=com> => ldap_bv2dn(cn=default,ou=policies,dc=example,dc=com,0) <= ldap_bv2dn(cn=default,ou=policies,dc=example,dc=com)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=default,ou=policies,dc=example,dc=com)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=default,ou=policies,dc=example,dc=com)=0 515bf1bf <<< dnPrettyNormal: <cn=default,ou=policies,dc=example,dc=com>, <cn=default,ou=policies,dc=example,dc=com> 515bf1bf SRCH "cn=default,ou=policies,dc=example,dc=com" 0 0515bf1bf 0 0 0 515bf1bf begin get_filter 515bf1bf PRESENT ber_scanf fmt (m) ber: ber_dump: buf=0x1ceaff0 ptr=0x1ceb02e end=0x1ceb03d len=15 0000: 87 0b 6f 62 6a 65 63 74 43 6c 61 73 73 30 00 ..objectClass0. 515bf1bf end get_filter 0 515bf1bf filter: (objectClass=*) ber_scanf fmt ({M}}) ber: ber_dump: buf=0x1ceaff0 ptr=0x1ceb03b end=0x1ceb03d len=2 0000: 00 00 .. 515bf1bf attrs:515bf1bf 515bf1bf conn=1003 op=1 SRCH base="cn=default,ou=policies,dc=example,dc=com" scope=0 deref=0 filter="(objectClass=*)" 515bf1bf => hdb_search 515bf1bf bdb_dn2entry("cn=default,ou=policies,dc=example,dc=com") 515bf1bf => access_allowed: search access to "cn=default,ou=policies,dc=example,dc=com" "entry" requested 515bf1bf <= root access granted 515bf1bf => access_allowed: search access granted by manage(=mwrscxd) 515bf1bf base_candidates: base: "cn=default,ou=policies,dc=example,dc=com" (0x000004b5) 515bf1bf => test_filter 515bf1bf PRESENT 515bf1bf => access_allowed: search access to "cn=default,ou=policies,dc=example,dc=com" "objectClass" requested 515bf1bf <= root access granted 515bf1bf => access_allowed: search access granted by manage(=mwrscxd) 515bf1bf <= test_filter 6 515bf1bf => send_search_entry: conn 1003 dn="cn=default,ou=policies,dc=example,dc=com" 515bf1bf => access_allowed: read access to "cn=default,ou=policies,dc=example,dc=com" "entry" requested 515bf1bf <= root access granted 515bf1bf => access_allowed: read access granted by manage(=mwrscxd) 515bf1bf => access_allowed: result not in cache (cn) 515bf1bf => access_allowed: read access to "cn=default,ou=policies,dc=example,dc=com" "cn" requested 515bf1bf <= root access granted 515bf1bf => access_allowed: read access granted by manage(=mwrscxd) 515bf1bf => access_allowed: result not in cache (objectClass) 515bf1bf => access_allowed: read access to "cn=default,ou=policies,dc=example,dc=com" "objectClass" requested 515bf1bf <= root access granted 515bf1bf => access_allowed: read access granted by manage(=mwrscxd) 515bf1bf => access_allowed: result was in cache (objectClass) 515bf1bf => access_allowed: result was in cache (objectClass) 515bf1bf => access_allowed: result was in cache (objectClass) 515bf1bf => access_allowed: result not in cache (pwdAttribute) 515bf1bf => access_allowed: read access to "cn=default,ou=policies,dc=example,dc=com" "pwdAttribute" requested 515bf1bf <= root access granted 515bf1bf => access_allowed: read access granted by manage(=mwrscxd) 515bf1bf => access_allowed: result not in cache (pwdExpireWarning) 515bf1bf => access_allowed: read access to "cn=default,ou=policies,dc=example,dc=com" "pwdExpireWarning" requested 515bf1bf <= root access granted 515bf1bf => access_allowed: read access granted by manage(=mwrscxd) 515bf1bf => access_allowed: result not in cache (pwdInHistory) 515bf1bf => access_allowed: read access to "cn=default,ou=policies,dc=example,dc=com" "pwdInHistory" requested 515bf1bf <= root access granted 515bf1bf => access_allowed: read access granted by manage(=mwrscxd) 515bf1bf => access_allowed: result not in cache (pwdMustChange) 515bf1bf => access_allowed: read access to "cn=default,ou=policies,dc=example,dc=com" "pwdMustChange" requested 515bf1bf <= root access granted 515bf1bf => access_allowed: read access granted by manage(=mwrscxd) 515bf1bf => access_allowed: result not in cache (pwdSafeModify) 515bf1bf => access_allowed: read access to "cn=default,ou=policies,dc=example,dc=com" "pwdSafeModify" requested 515bf1bf <= root access granted 515bf1bf => access_allowed: read access granted by manage(=mwrscxd) 515bf1bf => access_allowed: result not in cache (pwdAllowUserChange) 515bf1bf => access_allowed: read access to "cn=default,ou=policies,dc=example,dc=com" "pwdAllowUserChange" requested 515bf1bf <= root access granted 515bf1bf => access_allowed: read access granted by manage(=mwrscxd) 515bf1bf => access_allowed: result not in cache (pwdLockout) 515bf1bf => access_allowed: read access to "cn=default,ou=policies,dc=example,dc=com" "pwdLockout" requested 515bf1bf <= root access granted 515bf1bf => access_allowed: read access granted by manage(=mwrscxd) 515bf1bf => access_allowed: result not in cache (pwdLockoutDuration) 515bf1bf => access_allowed: read access to "cn=default,ou=policies,dc=example,dc=com" "pwdLockoutDuration" requested 515bf1bf <= root access granted 515bf1bf => access_allowed: read access granted by manage(=mwrscxd) 515bf1bf => access_allowed: result not in cache (pwdMaxFailure) 515bf1bf => access_allowed: read access to "cn=default,ou=policies,dc=example,dc=com" "pwdMaxFailure" requested 515bf1bf <= root access granted 515bf1bf => access_allowed: read access granted by manage(=mwrscxd) 515bf1bf => access_allowed: result not in cache (pwdMaxAge) 515bf1bf => access_allowed: read access to "cn=default,ou=policies,dc=example,dc=com" "pwdMaxAge" requested 515bf1bf <= root access granted 515bf1bf => access_allowed: read access granted by manage(=mwrscxd) 515bf1bf => access_allowed: result not in cache (pwdCheckQuality) 515bf1bf => access_allowed: read access to "cn=default,ou=policies,dc=example,dc=com" "pwdCheckQuality" requested 515bf1bf <= root access granted 515bf1bf => access_allowed: read access granted by manage(=mwrscxd) 515bf1bf => access_allowed: result not in cache (pwdMinLength) 515bf1bf => access_allowed: read access to "cn=default,ou=policies,dc=example,dc=com" "pwdMinLength" requested 515bf1bf <= root access granted 515bf1bf => access_allowed: read access granted by manage(=mwrscxd) 515bf1bf conn=1003 op=1 ENTRY dn="cn=default,ou=policies,dc=example,dc=com" ber_flush2: 440 bytes to sd 12 0000: 30 82 01 b4 02 01 02 64 82 01 ad 04 28 63 6e 3d 0......d....(cn= 0010: 64 65 66 61 75 6c 74 2c 6f 75 3d 70 6f 6c 69 63 default,ou=polic 0020: 69 65 73 2c 64 63 3d 65 78 61 6d 70 6c 65 2c 64 ies,dc=example,d 0030: 63 3d 63 6f 6d 30 82 01 7f 30 0f 04 02 63 6e 31 c=com0...0...cn1 0040: 09 04 07 64 65 66 61 75 6c 74 30 39 04 0b 6f 62 ...default09..ob 0050: 6a 65 63 74 43 6c 61 73 73 31 2a 04 03 74 6f 70 jectClass1*..top 0060: 04 09 70 77 64 50 6f 6c 69 63 79 04 06 70 65 72 ..pwdPolicy..per 0070: 73 6f 6e 04 10 70 77 64 50 6f 6c 69 63 79 43 68 son..pwdPolicyCh 0080: 65 63 6b 65 72 30 1e 04 0c 70 77 64 41 74 74 72 ecker0...pwdAttr 0090: 69 62 75 74 65 31 0e 04 0c 75 73 65 72 50 61 73 ibute1...userPas 00a0: 73 77 6f 72 64 30 1a 04 10 70 77 64 45 78 70 69 sword0...pwdExpi 00b0: 72 65 57 61 72 6e 69 6e 67 31 06 04 04 33 36 30 reWarning1...360 00c0: 30 30 13 04 0c 70 77 64 49 6e 48 69 73 74 6f 72 00...pwdInHistor 00d0: 79 31 03 04 01 31 30 17 04 0d 70 77 64 4d 75 73 y1...10...pwdMus 00e0: 74 43 68 61 6e 67 65 31 06 04 04 54 52 55 45 30 tChange1...TRUE0 00f0: 18 04 0d 70 77 64 53 61 66 65 4d 6f 64 69 66 79 ...pwdSafeModify 0100: 31 07 04 05 46 41 4c 53 45 30 1c 04 12 70 77 64 1...FALSE0...pwd 0110: 41 6c 6c 6f 77 55 73 65 72 43 68 61 6e 67 65 31 AllowUserChange1 0120: 06 04 04 54 52 55 45 30 15 04 0a 70 77 64 4c 6f ...TRUE0...pwdLo 0130: 63 6b 6f 75 74 31 07 04 05 46 41 4c 53 45 30 1a ckout1...FALSE0. 0140: 04 12 70 77 64 4c 6f 63 6b 6f 75 74 44 75 72 61 ..pwdLockoutDura 0150: 74 69 6f 6e 31 04 04 02 31 32 30 14 04 0d 70 77 tion1...120...pw 0160: 64 4d 61 78 46 61 69 6c 75 72 65 31 03 04 01 35 dMaxFailure1...5 0170: 30 19 04 09 70 77 64 4d 61 78 41 67 65 31 0c 04 0...pwdMaxAge1.. 0180: 0a 32 35 39 32 30 30 30 30 30 30 30 16 04 0f 70 .25920000000...p 0190: 77 64 43 68 65 63 6b 51 75 61 6c 69 74 79 31 03 wdCheckQuality1. 01a0: 04 01 32 30 13 04 0c 70 77 64 4d 69 6e 4c 65 6e ..20...pwdMinLen 01b0: 67 74 68 31 03 04 01 37 gth1...7 ldap_write: want=440, written=440 0000: 30 82 01 b4 02 01 02 64 82 01 ad 04 28 63 6e 3d 0......d....(cn= 0010: 64 65 66 61 75 6c 74 2c 6f 75 3d 70 6f 6c 69 63 default,ou=polic 0020: 69 65 73 2c 64 63 3d 65 78 61 6d 70 6c 65 2c 64 ies,dc=example,d 0030: 63 3d 63 6f 6d 30 82 01 7f 30 0f 04 02 63 6e 31 c=com0...0...cn1 0040: 09 04 07 64 65 66 61 75 6c 74 30 39 04 0b 6f 62 ...default09..ob 0050: 6a 65 63 74 43 6c 61 73 73 31 2a 04 03 74 6f 70 jectClass1*..top 0060: 04 09 70 77 64 50 6f 6c 69 63 79 04 06 70 65 72 ..pwdPolicy..per 0070: 73 6f 6e 04 10 70 77 64 50 6f 6c 69 63 79 43 68 son..pwdPolicyCh 0080: 65 63 6b 65 72 30 1e 04 0c 70 77 64 41 74 74 72 ecker0...pwdAttr 0090: 69 62 75 74 65 31 0e 04 0c 75 73 65 72 50 61 73 ibute1...userPas 00a0: 73 77 6f 72 64 30 1a 04 10 70 77 64 45 78 70 69 sword0...pwdExpi 00b0: 72 65 57 61 72 6e 69 6e 67 31 06 04 04 33 36 30 reWarning1...360 00c0: 30 30 13 04 0c 70 77 64 49 6e 48 69 73 74 6f 72 00...pwdInHistor 00d0: 79 31 03 04 01 31 30 17 04 0d 70 77 64 4d 75 73 y1...10...pwdMus 00e0: 74 43 68 61 6e 67 65 31 06 04 04 54 52 55 45 30 tChange1...TRUE0 00f0: 18 04 0d 70 77 64 53 61 66 65 4d 6f 64 69 66 79 ...pwdSafeModify 0100: 31 07 04 05 46 41 4c 53 45 30 1c 04 12 70 77 64 1...FALSE0...pwd 0110: 41 6c 6c 6f 77 55 73 65 72 43 68 61 6e 67 65 31 AllowUserChange1 0120: 06 04 04 54 52 55 45 30 15 04 0a 70 77 64 4c 6f ...TRUE0...pwdLo 0130: 63 6b 6f 75 74 31 07 04 05 46 41 4c 53 45 30 1a ckout1...FALSE0. 0140: 04 12 70 77 64 4c 6f 63 6b 6f 75 74 44 75 72 61 ..pwdLockoutDura 0150: 74 69 6f 6e 31 04 04 02 31 32 30 14 04 0d 70 77 tion1...120...pw 0160: 64 4d 61 78 46 61 69 6c 75 72 65 31 03 04 01 35 dMaxFailure1...5 0170: 30 19 04 09 70 77 64 4d 61 78 41 67 65 31 0c 04 0...pwdMaxAge1.. 0180: 0a 32 35 39 32 30 30 30 30 30 30 30 16 04 0f 70 .25920000000...p 0190: 77 64 43 68 65 63 6b 51 75 61 6c 69 74 79 31 03 wdCheckQuality1. 01a0: 04 01 32 30 13 04 0c 70 77 64 4d 69 6e 4c 65 6e ..20...pwdMinLen 01b0: 67 74 68 31 03 04 01 37 gth1...7 515bf1bf <= send_search_entry: conn 1003 exit. 515bf1bf send_ldap_result: conn=1003 op=1 p=3 515bf1bf send_ldap_result: err=0 matched="" text="" 515bf1bf send_ldap_response: msgid=2 tag=101 err=0 ber_flush2: 14 bytes to sd 12 0000: 30 0c 02 01 02 65 07 0a 01 00 04 00 04 00 0....e........ ldap_write: want=14, written=14 0000: 30 0c 02 01 02 65 07 0a 01 00 04 00 04 00 0....e........ 515bf1bf conn=1003 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text= 515bf1bf daemon: activity on 1 descriptor 515bf1bf daemon: activity on:515bf1bf 515bf1bf daemon: epoll: listen=7 active_threads=0 tvp=zero 515bf1bf daemon: epoll: listen=8 active_threads=0 tvp=zero 515bf1c0 daemon: activity on 1 descriptor 515bf1c0 daemon: activity on:515bf1c0 12r515bf1c0 515bf1c0 daemon: read active on 12 515bf1c0 daemon: epoll: listen=7 active_threads=0 tvp=zero 515bf1c0 daemon: epoll: listen=8 active_threads=0 tvp=zero 515bf1c0 connection_get(12) 515bf1c0 connection_get(12): got connid=1003 515bf1c0 connection_read(12): checking for input on id=1003 ber_get_next ldap_read: want=8, got=8 0000: 30 62 02 01 03 66 5d 04 0b...f]. ldap_read: want=92, got=92 0000: 28 63 6e 3d 64 65 66 61 75 6c 74 2c 6f 75 3d 70 (cn=default,ou=p 0010: 6f 6c 69 63 69 65 73 2c 64 63 3d 65 78 61 6d 70 olicies,dc=examp 0020: 6c 65 2c 64 63 3d 63 6f 6d 30 31 30 15 0a 01 01 le,dc=com010.... 0030: 30 10 04 0c 70 77 64 4d 69 6e 4c 65 6e 67 74 68 0...pwdMinLength 0040: 31 00 30 18 0a 01 00 30 13 04 0c 70 77 64 4d 69 1.0....0...pwdMi 0050: 6e 4c 65 6e 67 74 68 31 03 04 01 38 nLength1...8 ber_get_next: tag 0x30 len 98 contents: ber_dump: buf=0x1dec740 ptr=0x1dec740 end=0x1dec7a2 len=98 0000: 02 01 03 66 5d 04 28 63 6e 3d 64 65 66 61 75 6c ...f].(cn=defaul 0010: 74 2c 6f 75 3d 70 6f 6c 69 63 69 65 73 2c 64 63 t,ou=policies,dc 0020: 3d 65 78 61 6d 70 6c 65 2c 64 63 3d 63 6f 6d 30 =example,dc=com0 0030: 31 30 15 0a 01 01 30 10 04 0c 70 77 64 4d 69 6e 10....0...pwdMin 0040: 4c 65 6e 67 74 68 31 00 30 18 0a 01 00 30 13 04 Length1.0....0.. 0050: 0c 70 77 64 4d 69 6e 4c 65 6e 67 74 68 31 03 04 .pwdMinLength1.. 0060: 01 38 .8 515bf1c0 op tag 0x66, time 1364980160 ber_get_next ldap_read: want=8 error=Resource temporarily unavailable 515bf1c0 conn=1003 op=2 do_modify ber_scanf fmt ({m) ber: ber_dump: buf=0x1dec740 ptr=0x1dec743 end=0x1dec7a2 len=95 0000: 66 5d 04 28 63 6e 3d 64 65 66 61 75 6c 74 2c 6f f].(cn=default,o 0010: 75 3d 70 6f 6c 69 63 69 65 73 2c 64 63 3d 65 78 u=policies,dc=ex 0020: 61 6d 70 6c 65 2c 64 63 3d 63 6f 6d 30 31 30 15 ample,dc=com010. 0030: 0a 01 01 30 10 04 0c 70 77 64 4d 69 6e 4c 65 6e ...0...pwdMinLen 0040: 67 74 68 31 00 30 18 0a 01 00 30 13 04 0c 70 77 gth1.0....0...pw 0050: 64 4d 69 6e 4c 65 6e 67 74 68 31 03 04 01 38 dMinLength1...8 515bf1c0 conn=1003 op=2 do_modify: dn (cn=default,ou=policies,dc=example,dc=com) ber_scanf fmt ({e{m[W]}}) ber: ber_dump: buf=0x1dec740 ptr=0x1dec771 end=0x1dec7a2 len=49 0000: 30 15 0a 01 01 30 10 04 0c 70 77 64 4d 69 6e 4c 0....0...pwdMinL 0010: 65 6e 67 74 68 31 00 30 18 0a 01 00 30 13 04 0c ength1.0....0... 0020: 70 77 64 4d 69 6e 4c 65 6e 67 74 68 31 03 04 01 pwdMinLength1... 0030: 38 8 ber_scanf fmt ({e{m[W]}}) ber: ber_dump: buf=0x1dec740 ptr=0x1dec788 end=0x1dec7a2 len=26 0000: 30 18 0a 01 00 30 13 04 0c 70 77 64 4d 69 6e 4c 0....0...pwdMinL 0010: 65 6e 67 74 68 31 03 04 01 38 ength1...8 515bf1c0 >>> dnPrettyNormal: <cn=default,ou=policies,dc=example,dc=com> => ldap_bv2dn(cn=default,ou=policies,dc=example,dc=com,0) <= ldap_bv2dn(cn=default,ou=policies,dc=example,dc=com)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=default,ou=policies,dc=example,dc=com)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=default,ou=policies,dc=example,dc=com)=0 515bf1c0 <<< dnPrettyNormal: <cn=default,ou=policies,dc=example,dc=com>, <cn=default,ou=policies,dc=example,dc=com> 515bf1c0 conn=1003 op=2 modifications: 515bf1c0 delete: pwdMinLength 515bf1c0 no values 515bf1c0 add: pwdMinLength 515bf1c0 one value, length 1 515bf1c0 conn=1003 op=2 MOD dn="cn=default,ou=policies,dc=example,dc=com" 515bf1c0 conn=1003 op=2 MOD attr=pwdMinLength pwdMinLength 515bf1c0 bdb_dn2entry("cn=default,ou=policies,dc=example,dc=com") 515bf1c0 => bdb_entry_get: ndn: "cn=default,ou=policies,dc=example,dc=com" 515bf1c0 => bdb_entry_get: oc: "(null)", at: "(null)" 515bf1c0 bdb_dn2entry("cn=default,ou=policies,dc=example,dc=com") 515bf1c0 => bdb_entry_get: found entry: "cn=default,ou=policies,dc=example,dc=com" 515bf1c0 bdb_entry_get: rc=0 515bf1c0 => bdb_entry_get: ndn: "cn=default,ou=policies,dc=example,dc=com" 515bf1c0 => bdb_entry_get: oc: "(null)", at: "(null)" 515bf1c0 bdb_dn2entry("cn=default,ou=policies,dc=example,dc=com") 515bf1c0 => bdb_entry_get: found entry: "cn=default,ou=policies,dc=example,dc=com" 515bf1c0 bdb_entry_get: rc=0 515bf1c0 ppolicy_get: using default policy 515bf1c0 hdb_modify: cn=default,ou=policies,dc=example,dc=com 515bf1c0 slap_queue_csn: queing 0x7f460d036240 20130403090920.048272Z#000000#000#000000 515bf1c0 hdb_modify: txn1 id: 80000006 515bf1c0 bdb_dn2entry("cn=default,ou=policies,dc=example,dc=com") 515bf1c0 hdb_modify: txn2 id: 80000007 515bf1c0 bdb_modify_internal: 0x000004b5: cn=default,ou=policies,dc=example,dc=com 515bf1c0 <= acl_access_allowed: granted to database root 515bf1c0 bdb_modify_internal: delete pwdMinLength 515bf1c0 bdb_modify_internal: add pwdMinLength 515bf1c0 bdb_modify_internal: replace entryCSN 515bf1c0 bdb_modify_internal: replace modifiersName 515bf1c0 bdb_modify_internal: replace modifyTimestamp 515bf1c0 oc_check_required entry (cn=default,ou=policies,dc=example,dc=com), objectClass "pwdPolicy" 515bf1c0 oc_check_required entry (cn=default,ou=policies,dc=example,dc=com), objectClass "person" 515bf1c0 oc_check_required entry (cn=default,ou=policies,dc=example,dc=com), objectClass "pwdPolicyChecker" 515bf1c0 oc_check_allowed type "cn" 515bf1c0 oc_check_allowed type "objectClass" 515bf1c0 oc_check_allowed type "pwdAttribute" 515bf1c0 oc_check_allowed type "pwdExpireWarning" 515bf1c0 oc_check_allowed type "pwdInHistory" 515bf1c0 oc_check_allowed type "pwdMustChange" 515bf1c0 oc_check_allowed type "pwdSafeModify" 515bf1c0 oc_check_allowed type "structuralObjectClass" 515bf1c0 oc_check_allowed type "entryUUID" 515bf1c0 oc_check_allowed type "creatorsName" 515bf1c0 oc_check_allowed type "createTimestamp" 515bf1c0 oc_check_allowed type "pwdAllowUserChange" 515bf1c0 oc_check_allowed type "pwdLockout" 515bf1c0 oc_check_allowed type "pwdLockoutDuration" 515bf1c0 oc_check_allowed type "pwdMaxFailure" 515bf1c0 oc_check_allowed type "pwdMaxAge" 515bf1c0 oc_check_allowed type "pwdCheckQuality" 515bf1c0 oc_check_allowed type "pwdMinLength" 515bf1c0 oc_check_allowed type "entryCSN" 515bf1c0 oc_check_allowed type "modifiersName" 515bf1c0 oc_check_allowed type "modifyTimestamp" 515bf1c0 => entry_encode(0x000004b5): 515bf1c0 <= entry_encode(0x000004b5): 515bf1c0 daemon: activity on 1 descriptor 515bf1c0 daemon: activity on:515bf1c0 515bf1c0 daemon: epoll: listen=7 active_threads=0 tvp=zero 515bf1c0 daemon: epoll: listen=8 active_threads=0 tvp=zero and hangs ;/
marek.platta@blstream.com wrote: > Hi, > > I'm getting same error on 2.4.34 version Post your config. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
Howard Chu wrote: > marek.platta@blstream.com wrote: >> Hi, >> >> I'm getting same error on 2.4.34 version > > Post your config. Also post a gdb backtrace from slapd when it's in this state. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
Hi, my config is: include /etc/ldap/schema/core.schema include /etc/ldap/schema/cosine.schema include /etc/ldap/schema/nis.schema include /etc/ldap/schema/inetorgperson.schema include /etc/ldap/schema/openldap.schema include /etc/ldap/schema/ppolicy.schema pidfile /var/run/slapd.pid argsfile /var/run/slapd.args loglevel none modulepath /root/openldap-2.4.34/libraries/libldap/ moduleload back_hdb moduleload ppolicy.la sizelimit 99999999 tool-threads 1 backend hdb database monitor database hdb suffix "dc=example,dc=com" overlay ppolicy ppolicy_default "cn=default,ou=policies,dc=example,dc=com" rootdn "cn=Directory Manager,dc=example,dc=com" rootpw {SSHA}5jMwnEvS+5cgKVtQVieEYScUjEQvhSkQ directory "/usr/local/var/openldap-data" dbconfig set_cachesize 0 209715200 0 dbconfig set_lk_max_objects 150000 dbconfig set_lk_max_locks 150000 dbconfig set_lk_max_lockers 150000 index objectClass eq index uid eq index businessUnit eq index cn eq index lead eq index ishidden eq lastmod on checkpoint 512 30 access to attrs=userPassword,shadowLastChange,sambaLMPassword,sambaNTPassword by dn="cn=Directory Manager" write by dn="cn=admin-ro,dc=example,dc=com" read by anonymous auth by self write by * none access to * by dn="cn=Directory Manager" write by * read
I reproduced this with current RE24. It seems to be caused by setting pwdMaxAge to a very large value. In Marek's previous debug output you can see his policy object as returned from a search. Among other attrs it has: pwdMaxAge: 2592000000 I reproduced the report with the following setup: ### slapd.conf include ../openldap/servers/slapd/schema/core.schema include ../openldap/servers/slapd/schema/ppolicy.schema moduleload back_hdb moduleload ppolicy database hdb directory db suffix dc=example,dc=com rootdn cn=root,dc=example,dc=com rootpw secret access to * by dn="cn=admin,dc=example,dc=com" manage by * read index objectClass eq overlay ppolicy ppolicy_default cn=default,ou=policies,dc=example,dc=com ### init.ldif dn: dc=example,dc=com objectClass: domain dn: cn=admin,dc=example,dc=com objectClass: organizationalRole objectClass: simpleSecurityObject userPassword: secret dn: ou=policies,dc=example,dc=com objectClass: organizationalUnit dn: cn=default,ou=policies,dc=example,dc=com objectClass: organizationalRole objectClass: pwdPolicy pwdAttribute: userPassword pwdMaxAge: 2592000000 ### mod.ldif dn: cn=default,ou=policies,dc=example,dc=com add: pwdMaxFailure pwdMaxFailure: 7 Launched slapd and triggered via: $ ldapmodify -x -D cn=admin,dc=example,dc=com -W -f mod.ldif slapd hangs, ldapmodify is still waiting for it, and gdb says: Program received signal SIGINT, Interrupt. 0x00007ffff75f24db in pthread_join (threadid=140737286698752, thread_return=0x0) at pthread_join.c:92 92 pthread_join.c: No such file or directory. (gdb) thread apply all bt Thread 3 (Thread 0x7ffff3faf700 (LWP 25350)): #0 0x00007ffff7326653 in epoll_wait () at ../sysdeps/unix/syscall-template.S:81 #1 0x00000000004257b9 in slapd_daemon_task (ptr=0xa83a10) at daemon.c:2539 #2 0x00007ffff75f10a4 in start_thread (arg=0x7ffff3faf700) at pthread_create.c:309 #3 0x00007ffff732607d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111 Thread 2 (Thread 0x7ffff37ae700 (LWP 25353)): #0 pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185 #1 0x00007ffff7a4e79d in __db_pthread_mutex_lock () from /usr/lib/x86_64-linux-gnu/libdb-5.3.so #2 0x00007ffff7af74e0 in __lock_get_internal () from /usr/lib/x86_64-linux-gnu/libdb-5.3.so #3 0x00007ffff7af8719 in __lock_vec () from /usr/lib/x86_64-linux-gnu/libdb-5.3.so #4 0x00007ffff7af8e9f in __lock_vec_pp () from /usr/lib/x86_64-linux-gnu/libdb-5.3.so #5 0x000000000052f7ed in hdb_cache_entry_db_relock (bdb=0x934920, txn=0x7fffe4102810, ei=0x7fffe4101e80, rw=1, tryOnly=0, lock=0x7ffff37ac340) at cache.c:198 #6 0x0000000000531a43 in hdb_cache_modify (bdb=0x934920, e=0x9aca18, newAttrs=0x9c0690, txn=0x7fffe4102810, lock=0x7ffff37ac340) at cache.c:1231 #7 0x00000000004d85f6 in hdb_modify (op=0x7fffe4000aa0, rs=0x7ffff37adae0) at modify.c:764 #8 0x00000000004b740c in overlay_op_walk (op=0x7fffe4000aa0, rs=0x7ffff37adae0, which=op_modify, oi=0x936420, on=0x0) at backover.c:677 #9 0x00000000004b7637 in over_op_func (op=0x7fffe4000aa0, rs=0x7ffff37adae0, which=op_modify) at backover.c:730 #10 0x00000000004b776b in over_op_modify (op=0x7fffe4000aa0, rs=0x7ffff37adae0) at backover.c:769 #11 0x0000000000449541 in fe_op_modify (op=0x7fffe4000aa0, rs=0x7ffff37adae0) at modify.c:303 #12 0x0000000000448e13 in do_modify (op=0x7fffe4000aa0, rs=0x7ffff37adae0) at modify.c:177 #13 0x0000000000429a3f in connection_operation (ctx=0x7ffff37adc10, arg_v=0x7fffe4000aa0) at connection.c:1155 #14 0x0000000000429fdb in connection_read_thread (ctx=0x7ffff37adc10, argv=0xe) at connection.c:1291 #15 0x000000000058415d in ldap_int_thread_pool_wrapper (xpool=0x909fd0) at tpool.c:696 #16 0x00007ffff75f10a4 in start_thread (arg=0x7ffff37ae700) at pthread_create.c:309 #17 0x00007ffff732607d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111 Thread 1 (Thread 0x7ffff7fec700 (LWP 25346)): #0 0x00007ffff75f24db in pthread_join (threadid=140737286698752, thread_return=0x0) at pthread_join.c:92 #1 0x00000000005855f3 in ldap_pvt_thread_join (thread=140737286698752, thread_return=0x0) at thr_posix.c:197 #2 0x0000000000426986 in slapd_daemon () at daemon.c:2932 #3 0x000000000040602d in main (argc=8, argv=0x7fffffffe598) at main.c:1017 If I change the config to use back-mdb instead, I get a crash: 55dce2bf conn=1000 op=1 MOD dn="cn=default,ou=policies,dc=example,dc=com" 55dce2bf conn=1000 op=1 MOD attr=pwdMaxFailure slapd: id2entry.c:520: mdb_opinfo_get: Assertion `!rc' failed. [New Thread 0x7ffff2caf700 (LWP 25374)] [New Thread 0x7ffff34b0700 (LWP 25371)] Program received signal SIGABRT, Aborted. [Switching to Thread 0x7ffff2caf700 (LWP 25374)] 0x00007ffff7275107 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56 56 ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory. (gdb) bt #0 0x00007ffff7275107 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56 #1 0x00007ffff72764e8 in __GI_abort () at abort.c:89 #2 0x00007ffff726e226 in __assert_fail_base (fmt=0x7ffff73a4d08 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x5f29e4 "!rc", file=file@entry=0x5f2975 "id2entry.c", line=line@entry=520, function=function@entry=0x5f2b30 <__PRETTY_FUNCTION__.12200> "mdb_opinfo_get") at assert.c:92 #3 0x00007ffff726e2d2 in __GI___assert_fail (assertion=0x5f29e4 "!rc", file=0x5f2975 "id2entry.c", line=520, function=0x5f2b30 <__PRETTY_FUNCTION__.12200> "mdb_opinfo_get") at assert.c:101 #4 0x0000000000553a71 in mdb_opinfo_get (op=0x7fffe4000aa0, mdb=0x7ffff7f2a010, rdonly=1, moip=0x7ffff2cacf18) at id2entry.c:520 #5 0x000000000055306b in mdb_entry_get (op=0x7fffe4000aa0, ndn=0x7fffe4000ad8, oc=0x0, at=0x0, rw=0, ent=0x7ffff2cad2c8) at id2entry.c:327 #6 0x00000000004b6a41 in overlay_entry_get_ov (op=0x7fffe4000aa0, dn=0x7fffe4000ad8, oc=0x0, ad=0x0, rw=0, e=0x7ffff2cad2c8, on=0x0) at backover.c:364 #7 0x00000000004b6b11 in over_entry_get_rw (op=0x7fffe4000aa0, dn=0x7fffe4000ad8, oc=0x0, ad=0x0, rw=0, e=0x7ffff2cad2c8) at backover.c:396 #8 0x000000000043ca86 in be_entry_get_rw (op=0x7fffe4000aa0, ndn=0x7fffe4000ad8, oc=0x0, at=0x0, rw=0, e=0x7ffff2cad2c8) at backend.c:1366 #9 0x0000000000561e6c in ppolicy_modify (op=0x7fffe4000aa0, rs=0x7ffff2caeae0) at ppolicy.c:1626 #10 0x00000000004b7362 in overlay_op_walk (op=0x7fffe4000aa0, rs=0x7ffff2caeae0, which=op_modify, oi=0x935700, on=0x9358e0) at backover.c:661 #11 0x00000000004b7637 in over_op_func (op=0x7fffe4000aa0, rs=0x7ffff2caeae0, which=op_modify) at backover.c:730 #12 0x00000000004b776b in over_op_modify (op=0x7fffe4000aa0, rs=0x7ffff2caeae0) at backover.c:769 #13 0x0000000000449541 in fe_op_modify (op=0x7fffe4000aa0, rs=0x7ffff2caeae0) at modify.c:303 #14 0x0000000000448e13 in do_modify (op=0x7fffe4000aa0, rs=0x7ffff2caeae0) at modify.c:177 #15 0x0000000000429a3f in connection_operation (ctx=0x7ffff2caec10, arg_v=0x7fffe4000aa0) at connection.c:1155 #16 0x0000000000429fdb in connection_read_thread (ctx=0x7ffff2caec10, argv=0xb) at connection.c:1291 #17 0x000000000058415d in ldap_int_thread_pool_wrapper (xpool=0x909fd0) at tpool.c:696 #18 0x00007ffff75f10a4 in start_thread (arg=0x7ffff2caf700) at pthread_create.c:309 #19 0x00007ffff732607d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111 It seems like the crash does not happen if I bind as the rootdn, only when using the admin DN. The hang with back-hdb happens with both. Like I mentioned above, the problem seems to be related to the large pwdMaxAge value. If I drop a few 0s off the end of it, everything works properly. That might be related to Marek's statement that he only experienced the problem on 64-bit...
On Tue, Aug 25, 2015 at 10:00:55PM +0000, ryan@nardis.ca wrote: >I reproduced this with current RE24. It seems to be caused by setting >pwdMaxAge to a very large value. ... or any other ppolicy attribute. >It seems like the crash does not happen if I bind as the rootdn, only >when using the admin DN. That was incorrect, bind DN doesn't matter. In ppolicy_get, the defaultpol label skips releasing the entry lock, so if it's called again, it deadlocks.
changed state Open to Test moved from Incoming to Software Bugs
changed notes
changed notes changed state Test to Release
fixed in master fixed in RE25 fixed in RE24
changed notes changed state Release to Closed