Issue 8577 - Accesslog overlay hangs slapd depending on module loading order
Status: VERIFIED FIXED
Alias: None
Product: OpenLDAP
Classification: Unclassified
Component: slapd
Version: 2.4.44
Hardware: All All
Target Milestone: 2.5.3
Assignee: Howard Chu
Reported: 2017-02-01 18:38 UTC by mj@netauth.com
Modified: 2021-04-01 04:02 UTC

Description mj@netauth.com 2017-02-01 18:38:27 UTC
Full_Name: Mike Jackson
Version: 2.4.44
OS: Oracle Linux Server release 7.2
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (194.157.185.162)


Same issue as Stroeder mentioned here:

http://www.openldap.org/lists/openldap-bugs/201111/msg00027.html

If accesslog.la is loaded before syncprov.la, slapd will stop accepting
connections immediately after accesslog overlay is added.


olcModuleLoad: {0}ppolicy.la
olcModuleLoad: {1}auditlog.la
olcModuleLoad: {2}back_ldap.la
olcModuleLoad: {3}unique.la
olcModuleLoad: {4}accesslog.la
olcModuleLoad: {5}syncprov.la


ldapadd -f 

dn: olcDatabase={4}mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: {4}mdb
olcDbDirectory: /var/lib/ldap/accesslog
olcSuffix: cn=log
olcDbIndex: default eq
olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart
olcDbMaxSize: 1073741824
olcDbMode: 0600
olcAccess: {0}to * by dn.children="ou=global-admins,ou=admin-users,dc=foo,dc=net" read

dn: olcOverlay=accesslog,olcDatabase={4}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcAccessLogConfig
olcOverlay: accesslog
olcAccessLogDB: cn=log
olcAccessLogOps: writes
olcAccessLogSuccess: TRUE
olcAccessLogPurge: 7+00:00 1+00:00
Comment 1 Quanah Gibson-Mount 2017-02-06 21:18:11 UTC
--On Wednesday, February 01, 2017 6:38 PM +0000 mj@netauth.com wrote:

> Full_Name: Mike Jackson
> Version: 2.4.44
> OS: Oracle Linux Server release 7.2
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (194.157.185.162)
>
>
> Same issue as Stroeder mentioned here:
>
> http://www.openldap.org/lists/openldap-bugs/201111/msg00027.html
>
> If accesslog.la is loaded before syncprov.la, slapd will stop accepting
> connections immediately after accesslog overlay is added.

To note, this was a configuration error where accesslog overlay was being 
configured to write ops back onto itself.  We should probably check for 
this and reject it (vs allowing it to lock up slapd).

--Quanah


--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>


Comment 2 Quanah Gibson-Mount 2017-03-17 16:48:44 UTC
moved from Incoming to Software Bugs
Comment 3 Howard Chu 2021-03-21 17:20:55 UTC
fixed in master
Comment 4 Quanah Gibson-Mount 2021-03-21 19:40:28 UTC
Commits: 
  • 7a4e70f3 by Howard Chu at 2021-03-21T17:20:05+00:00
ITS#8577 don't allow setting logDB to current DB
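
The misconfiguration described in Comment 1 (an accesslog overlay whose log database is the database it is attached to) can also be caught offline in an exported cn=config LDIF before it is loaded. The Python below is an added example, not code from OpenLDAP or from commit 7a4e70f3; the function names and the sample LDIF are constructed here, and it assumes the log DN resolves to the database with the longest matching olcSuffix and that values are plain text (no base64 `::` values, no escaped commas in DNs).

```python
import re
# Constructed sample: database {4} repeats the report's setup, {3} is a valid one.
SAMPLE = """\
dn: olcDatabase={3}mdb,cn=config
olcSuffix: dc=foo,dc=net

dn: olcOverlay=accesslog,olcDatabase={3}mdb,cn=config
olcAccessLogDB: cn=log

dn: olcDatabase={4}mdb,cn=config
olcSuffix: cn=log

dn: olcOverlay=accesslog,olcDatabase={4}mdb,cn=config
olcAccessLogDB: cn=log
"""

def parse_ldif(text):
    """Parse LDIF into [{attr_lower: [values]}], unfolding continuation lines."""
    entries = []
    for block in re.split(r"\n\s*\n", re.sub(r"\n ", "", text.strip())):
        entry = {}
        for line in block.splitlines():
            if ":" in line and not line.startswith("#"):
                attr, value = line.split(":", 1)
                entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return [e for e in entries if "dn" in e]

def norm_dn(dn):
    # Simplified normalisation (assumption: no escaped commas or multi-valued RDNs).
    return ",".join(part.strip().lower() for part in dn.split(","))

def owning_db(dn, suffixes):
    """DN of the database whose longest suffix contains dn (None if no match)."""
    hits = [(len(s), db) for db, sfxs in suffixes.items() for s in sfxs
            if dn == s or dn.endswith("," + s)]
    return max(hits)[1] if hits else None

def find_self_logging(ldif_text):
    """Return DNs of accesslog overlays whose logDB is the database they sit on."""
    entries = parse_ldif(ldif_text)
    suffixes = {norm_dn(e["dn"][0]): [norm_dn(s) for s in e["olcsuffix"]]
                for e in entries if "olcsuffix" in e}
    return [e["dn"][0] for e in entries if "olcaccesslogdb" in e
            and owning_db(norm_dn(e["olcaccesslogdb"][0]), suffixes)
            == norm_dn(e["dn"][0]).split(",", 1)[1]]

if __name__ == "__main__":
    print(find_self_logging(SAMPLE))
```

Only the overlay on database {4} is reported for the sample; the overlay on {3} logs to a different database and passes.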