Issue 8479 - overlay unique + mdb: loop and OOM kill, 2 URS as olcUniqueURI value
Summary: overlay unique + mdb: loop and OOM kill, 2 URS as olcUniqueURI value
Status: VERIFIED DUPLICATE of issue 9077
Alias: None
Product: OpenLDAP
Classification: Unclassified
Component: slapd (show other issues)
Version: 2.4.44
Hardware: All All
: --- normal
Target Milestone: 2.5.0
Assignee: OpenLDAP project
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-08-15 12:09 UTC by william.b.clay@acm.org
Modified: 2020-10-14 21:28 UTC (History)
0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this issue.
Description william.b.clay@acm.org 2016-08-15 12:09:51 UTC 
Full_Name: Bill Clay
Version: 2.4.44
OS: Debian/GNU Linux 7.8 (Wheezy)
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (87.15.115.130)


The below modification to an otherwise correctly-functioning slapd instance
provokes an infinite loop that eventually ends with allocation of all configured
virtual memory, kernel invocation of its oom-killer (generally on an innocent
bystander), and sometimes a kernel panic. This scenario is 100% repeatable on
this installation.

If I understand "man 5 slapo-unique" correctly, an instance of overlay unique
may specify more than one olcUniqueURI attribute, each of which may specify more
than one space-separated (?) URI.  In this case, I am replacing two
initially-configured olcUniqueURI attributes whose values comprise a single URI
each (and which seem to work correctly) by one olcUniqueURI attribute with two
URIs.

bill@fuji:~$ sudo ldapmodify -YEXTERNAL -Hldapi://
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
dn:olcOverlay={2}unique,olcDatabase={3}mdb,cn=config
changetype: modify
replace: olcUniqueURI
olcUniqueURI: ldap:///ou=gruppi,dc=test?gidNumber?one
ldap:///ou=gruppi,dc=test?owner?one

modifying entry "olcOverlay={2}unique,olcDatabase={3}mdb,cn=config"
ldap_result: Can't contact LDAP server (-1)

bill@fuji:~$ 

This slapd is the following custom build on an otherwise fairly stock Debian
Wheezy system.

cd /usr/local/src/openldap-2.4.44
./configure --sysconfdir=/etc --localstatedir=/ \
 --disable-backends --enable-mdb --enable-monitor --enable-crypt \
 --with-cyrus-sasl --enable-spasswd --enable-syslog --enable-local \
 --disable-overlays --enable-memberof --enable-refint --enable-unique \
 --disable-modules --with-cyrus-sasl --with-tls --with-threads --with-gnu-ld
# if --enable-shell, avoid --with threads

I have uploaded files bill-clay-160815-<type>.txt to
ftp://ftp.openldap.org/incoming/ for the following <types>:

log: console log of slapd running foreground with -d1 (serial console at 57600
bps, allowing prompt manual termination via kill -KILL)

cnf1-cnf3: slapadd specification of (1) the rootDSE, (2) {2}mdb's tree
dc=epici,dc=it, and (3) {3}mdb's tree dc=test (subject of the failed
ldapmodify).

As is probably obvious from these files, I am an LDAP newbie, so there may be a
configuration error here that's painfully obvious to the experienced
practictioner.
Comment 1 Quanah Gibson-Mount 2017-03-17 20:48:03 UTC 
moved from Incoming to Software Bugs
Comment 2 Ondřej Kuzník 2020-03-31 08:04:23 UTC 
Probably the same issue as ITS#9077

*** This issue has been marked as a duplicate of issue 9077 ***